{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2025-22252","assignerOrgId":"6abe59d8-c742-4dff-8ce8-9b0ca1073da8","state":"PUBLISHED","assignerShortName":"fortinet","dateReserved":"2025-01-02T10:21:04.196Z","datePublished":"2025-05-28T07:55:49.946Z","dateUpdated":"2026-02-26T18:27:51.978Z"},"containers":{"cna":{"affected":[{"vendor":"Fortinet","product":"FortiProxy","cpes":[],"defaultStatus":"unaffected","versions":[{"versionType":"semver","version":"7.6.0","lessThanOrEqual":"7.6.1","status":"affected"}]},{"vendor":"Fortinet","product":"FortiSwitchManager","cpes":[],"defaultStatus":"unaffected","versions":[{"version":"7.2.5","status":"affected"}]},{"vendor":"Fortinet","product":"FortiOS","cpes":["cpe:2.3:o:fortinet:fortios:7.6.0:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.4.6:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.4.5:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.4.4:*:*:*:*:*:*:*"],"defaultStatus":"unaffected","versions":[{"version":"7.6.0","status":"affected"},{"versionType":"semver","version":"7.4.4","lessThanOrEqual":"7.4.6","status":"affected"}]}],"descriptions":[{"lang":"en","value":"A missing authentication for critical function in Fortinet FortiProxy versions 7.6.0 through 7.6.1, FortiSwitchManager version 7.2.5, and FortiOS versions 7.4.4 through 7.4.6 and version 7.6.0 may allow an attacker with knowledge of an existing admin account to access the device as a valid admin via an authentication bypass."}],"providerMetadata":{"orgId":"6abe59d8-c742-4dff-8ce8-9b0ca1073da8","shortName":"fortinet","dateUpdated":"2025-05-28T07:55:49.946Z"},"problemTypes":[{"descriptions":[{"lang":"en","cweId":"CWE-306","description":"Escalation of privilege","type":"CWE"}]}],"metrics":[{"format":"CVSS","cvssV3_1":{"version":"3.1","attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":9,"baseSeverity":"CRITICAL","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:W/RC:C"}}],"solutions":[{"lang":"en","value":"Please upgrade to FortiProxy version 7.6.2 or above \nPlease upgrade to FortiSwitchManager version 7.2.6 or above \nPlease upgrade to FortiOS version 7.6.1 or above \nPlease upgrade to FortiOS version 7.4.7 or above"}],"references":[{"name":"https://fortiguard.fortinet.com/psirt/FG-IR-24-472","url":"https://fortiguard.fortinet.com/psirt/FG-IR-24-472"}]},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"id":"CVE-2025-22252","role":"CISA Coordinator","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"total"}],"version":"2.0.3","timestamp":"2025-05-29T03:55:47.304655Z"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2026-02-26T18:27:51.978Z"}}]}}