CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-22252

A missing authentication for critical function in Fortinet FortiProxy versions 7.6.0 through 7.6.1, FortiSwitchManager version 7.2.5, and FortiOS versions 7.4.4 through 7.4.6 and version 7.6.0 may allow an attacker with knowledge of an existing admin account to access the device as a valid admin via an authentication bypass.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.008

EPSS Ranking 52.1%

CVSS Severity

CVSS v3 Score 9.8

References

https://fortiguard.fortinet.com/psirt/FG-IR-24-472

Products affected by CVE-2025-22252

Fortinet » Fortiproxy » Version: 7.6.0

cpe:2.3:a:fortinet:fortiproxy:7.6.0
Fortinet » Fortiswitchmanager » Version: 7.2.5

cpe:2.3:a:fortinet:fortiswitchmanager:7.2.5
Fortinet » Fortios » Version: 7.4.4

cpe:2.3:o:fortinet:fortios:7.4.4
Fortinet » Fortios » Version: 7.4.5

cpe:2.3:o:fortinet:fortios:7.4.5
Fortinet » Fortios » Version: 7.4.6

cpe:2.3:o:fortinet:fortios:7.4.6
Fortinet » Fortios » Version: 7.6.0

cpe:2.3:o:fortinet:fortios:7.6.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-22252

Products

Pricing

Contact Us