What is CVE-2025-22252?

A critical authentication bypass vulnerability has been identified in Fortinet's FortiProxy, FortiSwitchManager, and FortiOS. Organizations using affected versions should prioritize patching immediately to prevent unauthorized access.

What is the severity of CVE-2025-22252?

CVE-2025-22252 has a severity rating of CRITICAL with a CVSS base score of 9.8.

CVE-2025-22252 | Critical Vulnerability in Fortinet FortiProxy, FortiSwitchManager, and FortiOS

A critical vulnerability has been discovered in Fortinet's FortiProxy, FortiSwitchManager, and FortiOS products. This vulnerability allows an attacker with knowledge of an existing admin account to access the device as a valid admin via an authentication bypass. The affected versions include FortiProxy versions 7.6.0 through 7.6.1, FortiSwitchManager version 7.2.5, and FortiOS versions 7.4.4 through 7.4.6 and version 7.6.0.

With a CVSS score of 9.8, this vulnerability is categorized as critical, emphasizing the urgency for organizations to address this issue. The potential for unauthorized access is significant, posing a risk to the confidentiality, integrity, and availability of the affected systems.

No public exploit has been confirmed for this vulnerability, and it has not been included in the Known Exploited Vulnerabilities (KEV) catalog. However, the lack of an exploit does not diminish the severity of the risk. Organizations should prioritize patching immediately.

Given the critical nature of this vulnerability, organizations are urged to implement the necessary patches as part of their immediate remediation efforts. Failure to do so could expose systems to significant security risks.

Vulnerability Details

The vulnerability is characterized by a missing authentication for critical functions in the affected Fortinet products. The CVSS vector is as follows: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, indicating high impacts on confidentiality, integrity, and availability.

The affected components are FortiProxy, FortiSwitchManager, and FortiOS, specifically in versions 7.6.0 through 7.6.1 for FortiProxy, version 7.2.5 for FortiSwitchManager, and versions 7.4.4 through 7.4.6 and 7.6.0 for FortiOS. This vulnerability falls under the CWE classification of CWE-306.

Technical Analysis

The root cause of this vulnerability lies in the improper implementation of authentication mechanisms for critical functions within the affected Fortinet products. Attackers can exploit this flaw without requiring elevated privileges or user interaction, making it particularly dangerous.

The vulnerability can be exploited over the network, with low attack complexity. This means that an attacker does not need advanced skills or knowledge to take advantage of this flaw. The potential impacts of successful exploitation include unauthorized access to sensitive information and control over the affected devices.

Risk & Impact Analysis

Risk to organizations includes unauthorized access to administrative functions, which could lead to significant data breaches or system manipulations. The blast radius potential is considerable, affecting any organization using the specified versions of Fortinet products.

Given the CVSS score of 9.8, organizations should assess the urgency of remediation based on their deployment of impacted systems. This vulnerability represents a critical threat that could compromise the security posture of affected organizations if not addressed promptly.

Exploitation Status

Signal	Status
Known Exploit	No
Public PoC	No
Actively Exploited	No
Ransomware Use	No

Affected Versions

The affected versions include FortiProxy versions 7.6.0 through 7.6.1, FortiSwitchManager version 7.2.5, and FortiOS versions 7.4.4 through 7.4.6 and 7.6.0. Organizations should update to the latest versions immediately.

Mitigation & Remediation

Organizations should prioritize patching to the latest versions of Fortinet products. For detailed guidance on securing your systems, consider engaging in penetration testing services to identify additional vulnerabilities.

Detection Guidance

Organizations should monitor logs for any unauthorized access attempts and review system changes that could indicate exploitation attempts. Anomalies in user behavior may also signal attempts to exploit the vulnerability.

AppSecure Threat Intelligence Insight

The long-term significance of this vulnerability underscores the need for robust security measures in network devices. This incident highlights the importance of regular updates and security assessments, such as penetration testing methodology to ensure vulnerabilities are identified before they can be exploited.

Furthermore, organizations should adopt a comprehensive approach to security, including security testing best practices and continuous monitoring to improve their resilience against future vulnerabilities.

Ultimately, the exploitation of this vulnerability serves as a reminder of the evolving threat landscape and the need for organizations to remain vigilant.

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

CVE ID	Title	Severity	Vulnerability Type	Published
CVE-2025-65418	CVE-2025-65418: High Vulnerability in docuFORM Managed Print Service Client	HIGH	Path Traversal	May 11, 2026
CVE-2025-65417	CVE-2025-65417: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	XSS	May 11, 2026
CVE-2025-65416	CVE-2025-65416: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Unrestricted File Upload	May 11, 2026
CVE-2025-65415	CVE-2025-65415: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Session Fixation	May 11, 2026
CVE-2025-61314	CVE-2025-61314: High Vulnerability in GmbH Mecury Managed Print Services	HIGH	XSS	May 11, 2026

CVE-2025-22252: Critical Vulnerability in Fortinet FortiProxy, FortiSwitchManager, and FortiOS