A missing authentication for critical function in Fortinet FortiProxy versions 7.6.0 through 7.6.1, FortiSwitchManager version 7.2.5, and FortiOS versions 7.4.4 through 7.4.6 and version 7.6.0 may all

The impact of CVE-2025-22252 is severe. Successful exploitation allows an attacker to completely compromise the affected Fortinet device, effectively gaining full administrative control. This includes the ability to modify configurations, access sensitive data, install malicious software, and potentially pivot to other systems within the network. The attacker's ability to bypass authentication significantly lowers the barrier to entry, making this vulnerability a high-priority target. A compromised FortiProxy could be used to intercept and modify network traffic, leading to data breaches and further compromise. The potential for lateral movement is significant, as an attacker could leverage the compromised device to gain access to other systems on the network.

Organizations heavily reliant on Fortinet FortiProxy for web filtering, VPN termination, and secure web gateways are particularly at risk. Shared hosting environments where multiple customers share the same FortiProxy instance are also vulnerable, as a compromise of one customer's account could potentially lead to broader access. Legacy deployments using older, unpatched FortiOS versions are especially susceptible.

• fortinet: Check FortiOS/FortiProxy versions.

Get-FortiProxy | Select-Object Version

• fortinet: Monitor FortiProxy logs for unusual login attempts or configuration changes.

Get-FortiProxyLog -Type Authentication -StartDate (Get-Date).AddDays(-7) | Where-Object {$_.Status -ne "Success"}

• fortinet: Review firewall rules for unexpected access patterns.

Get-FortiFirewallPolicy | Where-Object {$_.Action -eq "ACCEPT" -and $_.Destination -match "untrusted_network"}

• generic web: Check for exposed admin interfaces via curl.

curl -I https://<fortiproxy_ip>/admin

1. 2025-05-28Disclosure

   disclosure

2. 2025-05-28Patch

   patch

1. 已保留2025-01-02
2. 发布日期2025-05-28
3. 修改日期2026-02-26
4. EPSS 更新日期2026-03-23

The primary mitigation for CVE-2025-22252 is to upgrade to a patched version of Fortinet FortiProxy, FortiSwitchManager, or FortiOS. Fortinet has released updates to address this vulnerability. If immediate patching is not possible due to compatibility concerns or testing requirements, consider implementing temporary workarounds such as restricting access to the FortiProxy management interface to trusted networks and enabling multi-factor authentication where possible. Monitor FortiProxy logs for suspicious activity, particularly failed login attempts or unusual configuration changes. After upgrading, confirm the fix by attempting to access the device with a known admin account and verifying that authentication is enforced as expected.