#VU109045 Missing authentication for critical function in Fortinet, Inc products - CVE-2025-22252

Cybersecurity Help s.r.o.

Published: 2025-05-13

Vulnerability identifier: #VU109045

Vulnerability risk: High

CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2025-22252

CWE-ID: CWE-306

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
FortiOS
Operating systems & Components / Operating system
FortiProxy
Hardware solutions / Routers & switches, VoIP, GSM, etc
FortiSwitch Manager
Client/Desktop applications / Software for system administration

Vendor: Fortinet, Inc

Description

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

The vulnerability exists due to missing authentication for critical function. An attacker with knowledge of an existing admin account can bypass TACACS+ authentication and access the device as a valid admin.

Mitigation
Install update from vendor's website.

Vulnerable software versions

FortiOS: 7.4.4, 7.4.5, 7.4.6, 7.6.0

FortiProxy: 7.6.0, 7.6.1

FortiSwitch Manager: 7.2.5

External links
https://www.fortiguard.com/psirt/FG-IR-24-472

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Missing authentication for critical function in Fortinet products