A critical vulnerability was identified in Fortinet’s FortiProxy, FortiSwitchManager, and FortiOS products. This vulnerability, CVE-2025-22252, enables an attacker who possess knowledge of an existing administrative account to bypass authentication and gain unauthorized access to the device as a valid administrator. Continue reading this Cybersecurity Threat Advisory to learn how to prevent an authentication bypass.
What is the threat?
CVE-2025-22252, with a CVSS score of 9.8, is a missing authentication vulnerability affecting FortiProxy, FortiSwitchManager, and FortiOS. Attackers with valid administrative credentials can exploit this flaw to bypass authentication entirely and gain unauthorized administrative access to the device.
Why is it noteworthy?
This vulnerability impacts the security measure in place for network security. The ability for an attacker to bypass authentication and gain admin access can lead to severe consequences, including data breaches, unauthorized changes to network configurations, and potential exploitation of any other vulnerabilities within the network.
What is the exposure or risk?
CVE-2025-22252 affects FortiProxy 7.6.0 through 7.6.1, FortiSwitchManager 7.2.5, and FortiOS 7.4.4 through 7.4.6, 7.6.0. Organizations using these Fortinet products face the following risks:
- Unauthorized access: Attackers can exploit the vulnerability to gain administrative access, allowing them to manipulate device settings, access sensitive data, and potentially disrupt services.
- Data breaches: With administrative privileges, attackers can exfiltrate sensitive information, leading to data breaches that could have legal and financial repercussions for organizations.
- Network compromise: The vulnerability can serve as a foothold for attackers to launch further attacks within the network, potentially compromising additional systems and data.
- Reputation damage: Organizations that fall victim to exploitation may suffer reputational damage, which can impact customer trust and business relationships.
- Compliance violations: Exploiting this vulnerability may lead to regulatory requirements violations, resulting in fines and legal action. Active exploitation of these vulnerabilities compounds the risk, making immediate remediation essential.
What are the recommendations?
Barracuda recommends the following actions to limit the impact of CVE-2025-22252:
- Patch affected products immediately by updating to the latest versions as soon as patches become available.
- Strengthen access controls to ensure that only authorized personnel have administrative access to critical systems.
- Implement robust monitoring and logging to detect unauthorized access attempts or suspicious activity.
- Establish an incident response plan to address any potential exploitation of this vulnerability effectively.
- Educate users on the importance of creating strong passwords and the risks associated with sharing administrative credentials.
Reference
For more in-depth information about the Vulnerabilities, please visit the following link:
If you have any questions about this Cybersecurity Threat Advisory, don’t hesitate to get in touch with Barracuda Managed XDR’s Security Operations Center.
This post originally appeared on Smarter MSP.