What is CVE-2025-22254 — Privilege Escalation in FortiOS?

CVE-2025-22254 is a vulnerability in FortiOS, FortiProxy, and FortiWeb that allows authenticated read-only admins to gain super-admin privileges via crafted websocket requests.

Am I affected by CVE-2025-22254 in FortiOS?

You are affected if you are running FortiOS 6.4.0-7.6.1, FortiProxy 7.4.0-7.6.1, or FortiWeb 7.4.0-7.6.1.

How do I fix CVE-2025-22254 in FortiOS?

Upgrade to a patched version of FortiOS, FortiProxy, or FortiWeb as recommended by Fortinet. Check their security advisories for specific version details.

Is CVE-2025-22254 being actively exploited?

As of June 10, 2025, no public exploits have been released, but the vulnerability's ease of exploitation means active exploitation is possible.

Where can I find the official Fortinet advisory for CVE-2025-22254?

Refer to the official Fortinet security advisory on their website for detailed information and mitigation steps: [https://www.fortinet.com/security/advisory/fortinet-security-advisory/CVE-2025-22254](https://www.fortinet.com/security/advisory/fortinet-security-advisory/CVE-2025-22254)

CVE-2025-22254 — Vulnerability Details

NEXTGUARD

Gratis scannen

CVE-2025-22254 — Vulnerability Details | NextGuard

Detectiestappenwordt vertaald…

• fortinet: Examine FortiOS system logs for unusual websocket requests or attempts to modify system configurations by read-only administrators.

Get-WinEvent -LogName Security -FilterXPath '//Event[System[Provider[@Name='Fortinet FortiOS']]]'

• linux / server: Monitor Fortinet device logs using journalctl for suspicious activity related to the Node.js websocket module.

journalctl -u fortinet -f | grep "websocket"

• generic web: Use curl to test the websocket endpoint and observe the response for any unexpected behavior.

curl -v wss://<fortigate_ip>/node.js/websocket

Een Improper Privilege Management [CWE-269] kwetsbaarheid in Fortinet FortiOS 7.6.0 t/m 7.6.1, FortiOS 7.4.0 t/m 7.4.6, FortiOS 7.2.0 t/m 7.2.10, FortiOS 7.0.0 t/m 7.0.16,

Impact en Aanvalsscenarios

Uitbuitingscontext

Wie Loopt Risicowordt vertaald…

Detectiestappenwordt vertaald…

Aanvalstijdlijn

Dreigingsinformatie

Getroffen Software

Zwakheidsclassificatie (CWE)

Tijdlijn

Mitigatie en Workarounds

Hoe te verhelpenwordt vertaald…

CVE Beveiligingsnieuwsbrief

Veelgestelde vragenwordt vertaald…

What is CVE-2025-22254 — Privilege Escalation in FortiOS?

Am I affected by CVE-2025-22254 in FortiOS?

How do I fix CVE-2025-22254 in FortiOS?

Is CVE-2025-22254 being actively exploited?

Where can I find the official Fortinet advisory for CVE-2025-22254?

Is jouw project getroffen?