Date: 30 May 2025

A critical authentication bypass vulnerability has been reported in Fortinet products, including FortiProxy, FortiOS, and FortiSwitchManager. Attackers can use known admin credentials to log in without proper authentication, putting systems at serious risk.


Overview

The issue allows attackers to bypass authentication mechanisms for administrative access. Devices exposed to the internet or shared networks are at particular risk of compromise.

CVE ID: CVE-2025-22252

Severity: Critical

Type: Authentication Bypass

Affected Versions:

  • FortiProxy: 7.6.0 to 7.6.1
  • FortiOS: 7.4.4 to 7.4.6 and 7.6.0
  • FortiSwitchManager: 7.2.5
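The ranges above are easy to misread by hand (7.4.10 sorts after 7.4.6, not before it), so a small inventory check is the first thing a security team will want. The following is an added example, not part of the advisory or of Fortinet's tooling; the affected ranges are copied from the list above and treated as inclusive, and the hostnames and firmware versions in the inventory are constructed for the example.

```python
# Added example (not from the advisory): flag Fortinet devices whose firmware
# version falls inside the affected ranges listed for CVE-2025-22252.
from typing import Dict, List, Tuple

Version = Tuple[int, ...]

# Affected ranges copied from the advisory, (lowest, highest) inclusive.
AFFECTED: Dict[str, List[Tuple[str, str]]] = {
    "FortiProxy": [("7.6.0", "7.6.1")],
    "FortiOS": [("7.4.4", "7.4.6"), ("7.6.0", "7.6.0")],
    "FortiSwitchManager": [("7.2.5", "7.2.5")],
}


def parse_version(text: str) -> Version:
    """Turn '7.4.5' into (7, 4, 5).

    Strings such as '7.4.5 build2702' are tolerated by taking the first
    whitespace-separated token; integer tuples compare correctly, so
    7.4.10 is greater than 7.4.6 (string comparison would get this wrong).
    """
    token = text.strip().split()[0]
    parts = token.lstrip("vV").split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(p) for p in parts)


def is_affected(product: str, version: str) -> bool:
    """True if `version` of `product` lies in any affected range."""
    if product not in AFFECTED:
        raise KeyError(f"product not covered by this advisory: {product}")
    v = parse_version(version)
    return any(parse_version(lo) <= v <= parse_version(hi)
               for lo, hi in AFFECTED[product])


def triage(inventory: List[Tuple[str, str, str]]) -> List[Tuple[str, str, str]]:
    """Return the (host, product, version) entries that need patching."""
    return [(host, product, ver) for host, product, ver in inventory
            if is_affected(product, ver)]


if __name__ == "__main__":
    # Constructed inventory; hostnames and versions are made up for the example.
    inventory = [
        ("fw-edge-01", "FortiOS", "7.4.5"),
        ("fw-edge-02", "FortiOS", "7.4.7"),
        ("proxy-01", "FortiProxy", "7.6.1 build0419"),
        ("fsm-01", "FortiSwitchManager", "7.2.4"),
    ]
    for host, product, ver in triage(inventory):
        print(f"{host}: {product} {ver} is in an affected range; patch it")
```

Feed it the product and firmware string from your asset inventory or device export; anything it returns should be scheduled for the patch in Fortinet's advisory, and anything on a version newer than the listed ranges should still be confirmed against that advisory rather than assumed fixed.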


Mitigation Steps

  • Immediately apply patches as provided in Fortinet’s advisory.
  • Restrict administrative interfaces to trusted internal networks only.
  • Review admin account activity logs for signs of misuse or unauthorised access.
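The second and third steps above can be checked together: successful administrative logins that arrive from outside the trusted management networks, or under an account nobody approved, are exactly the events worth reviewing after an authentication-bypass disclosure. The following is an added example, not part of the advisory or of any Fortinet tool. It assumes a syslog-style `key=value` event format with `user`, `srcip`, `action` and `status` fields, which is a modelling assumption rather than a documented schema; the trusted networks, approved account list and log lines are all constructed for the example.

```python
# Added example (not from the advisory): review admin login events and flag
# those from untrusted source networks or unapproved accounts.
# The key=value event format is an assumption, not a documented schema.
import ipaddress
import re
from typing import Dict, List

# Matches key=value and key="quoted value" pairs.
KV_RE = re.compile(r'(\w+)=("([^"]*)"|(\S+))')

# Assumed management networks and approved admin accounts (constructed).
TRUSTED_NETS = [ipaddress.ip_network(n) for n in ("10.10.0.0/24", "192.168.100.0/24")]
APPROVED_ADMINS = {"admin", "netops"}


def parse_kv(line: str) -> Dict[str, str]:
    """Parse one key=value log line into a dict (quotes removed)."""
    return {m.group(1): m.group(3) if m.group(3) is not None else m.group(4)
            for m in KV_RE.finditer(line)}


def from_trusted_network(srcip: str) -> bool:
    """True if srcip parses and falls inside a trusted management network."""
    try:
        addr = ipaddress.ip_address(srcip)
    except ValueError:
        return False  # unparseable source is treated as untrusted
    return any(addr in net for net in TRUSTED_NETS)


def review_admin_logins(lines: List[str]) -> List[Dict[str, str]]:
    """Return one finding per successful admin login that warrants review.

    Each finding carries the user, source IP and a reason. Failed logins are
    skipped here; an authentication bypass shows up as a *success* that
    should not have happened, which is why successes are the focus.
    """
    findings: List[Dict[str, str]] = []
    for line in lines:
        ev = parse_kv(line)
        if ev.get("action") != "login" or ev.get("status") != "success":
            continue
        user, srcip = ev.get("user", "<missing>"), ev.get("srcip", "<missing>")
        reasons = []
        if user not in APPROVED_ADMINS:
            reasons.append("account not on approved admin list")
        if not from_trusted_network(srcip):
            reasons.append("source outside trusted management networks")
        if reasons:
            findings.append({"time": f"{ev.get('date', '?')} {ev.get('time', '?')}",
                             "user": user, "srcip": srcip,
                             "reason": "; ".join(reasons)})
    return findings


# Constructed sample events; none of these are real log lines.
SAMPLE_LOG = [
    'date=2025-05-30 time=09:12:01 type=event subtype=system user="admin" srcip=10.10.0.15 action=login status=success',
    'date=2025-05-30 time=09:14:37 type=event subtype=system user="admin" srcip=203.0.113.45 action=login status=success',
    'date=2025-05-30 time=09:20:02 type=event subtype=system user="svc_backup" srcip=10.10.0.20 action=login status=success',
    'date=2025-05-30 time=09:21:10 type=event subtype=system user="admin" srcip=203.0.113.45 action=login status=failed',
]

if __name__ == "__main__":
    for f in review_admin_logins(SAMPLE_LOG):
        print(f"{f['time']}  user={f['user']}  src={f['srcip']}  {f['reason']}")
```

Point it at an export of admin login events covering the window before the patch was applied; every finding is a login that should be confirmed with its owner, and an approved account appearing from an unexpected network is the pattern most consistent with the misuse the advisory describes.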

Summary for Security Teams

  • Product: FortiProxy, FortiOS, FortiSwitchManager
  • Threat Level: Critical
  • Action: Patch and audit administrative access immediately

Reference

Need Help?

If your organisation requires assistance identifying affected systems, applying updates or adjusting controller configurations, our team is here to help. Email us via soc@secure-iss.com for assistance.