CVE-2025-22252 — CRITICAL (9.8)

Q: How severe is CVE-2025-22252?

CVE-2025-22252 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Q: Is there a patch for CVE-2025-22252?

Check the references section above for vendor advisories and patch information. Affected products include: Fortinet Fortiproxy, Fortinet Fortiswitchmanager, Fortinet Fortios.

Vulnerability Description

A missing authentication for critical function in Fortinet FortiProxy versions 7.6.0 through 7.6.1, FortiSwitchManager version 7.2.5, and FortiOS versions 7.4.4 through 7.4.6 and version 7.6.0 may allow an attacker with knowledge of an existing admin account to access the device as a valid admin via an authentication bypass.

CVSS Score

9.8

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Fortinet	Fortiproxy	7.6.0
Fortinet	Fortiswitchmanager	7.2.5
Fortinet	Fortios	>= 7.4.4, < 7.4.7

Related Weaknesses (CWE)

CWE-306

References

https://fortiguard.fortinet.com/psirt/FG-IR-24-472Vendor Advisory

FAQ

What is CVE-2025-22252?

CVE-2025-22252 is a vulnerability with a CVSS score of 9.8 (CRITICAL). A missing authentication for critical function in Fortinet FortiProxy versions 7.6.0 through 7.6.1, FortiSwitchManager version 7.2.5, and FortiOS versions 7.4.4 through 7.4.6 and version 7.6.0 may all...

How severe is CVE-2025-22252?

CVE-2025-22252 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2025-22252?

Check the references section above for vendor advisories and patch information. Affected products include: Fortinet Fortiproxy, Fortinet Fortiswitchmanager, Fortinet Fortios.