vulnerability:information=remediation vulnerability:origin=software

Created on 2025-05-15 12:16 and updated on 2025-05-15 12:16.

Description

Risks

FortiOS, FortiProxy, and FortiSwitchManager are core components of Fortinet’s network security and management infrastructure, which provide firewalling, proxy services, and centralized switch management.

CVE-2025-22252 is a missing authentication vulnerability that allows an unauthenticated attacker with knowledge of an existing admin account to access the device as a valid admin. Exploitation of this flaw could grant attackers unauthorized control over network infrastructure, threatening confidentiality through data exposure, integrity via configuration tampering, and availability by disrupting critical services.

Description

CVE-2025-22252 is a missing authentication for critical function vulnerability affecting devices configured to use a remote TACACS+ server for authentication, where that server is configured to use ASCII authentication. It may allow an attacker with knowledge of an existing admin account to access the device as a valid admin via an authentication bypass, potentially resulting in complete system compromise, data theft and service disruption.


Associated vulnerability

CVE-2025-22252

Related vulnerabilities


Meta

[
  {
    "ref": [
      "https://ccb.belgium.be/advisories/warning-cve-2025-22252-missing-authentication-vulnerability-fortios-fortiproxy-and"
    ],
    "tags": [
      "vulnerability:information=remediation",
      "vulnerability:origin=software"
    ]
  }
]

Author

Cédric Bonhomme