【Vulnerability Alert】 Fortinet Devices Have an Authentication Bypass Vulnerability (CVE-2025-22252)

• Subject: 【Vulnerability Alert】 Fortinet Devices Have an Authentication Bypass Vulnerability (CVE-2025-22252)
• Description:
  • Forwarded by Taiwan Computer Network Emergency Response Team Coordination Center TWCERTCC-200-202505-00000015
  • Recently, Fortinet released a major security vulnerability announcement, indicating that multiple products are affected, including FortiOS, FortiProxy, and FortiSwitchManager. This vulnerability (CVE-2025-22252, CVSS: 9.0) allows attackers to bypass authentication and gain administrative access.
• Affected Platforms:
  • FortiOS 7.6.0
  • FortiOS 7.4.4 to 7.4.6
  • FortiProxy 7.6.0 to 7.6.1
  • FortiSwitchManager 7.2.5
• Recommended Actions:
  • Please update to the following versions:
  • FortiOS 7.6.1 or later
  • FortiOS 7.4.7 or later
  • FortiProxy 7.6.2 or later
  • FortiSwitchManager 7.2.6 or later
• Reference:
  • https://www.twcert.org.tw/tw/cp-169-10126-a63a3-1.html

Network System Division
Computer and Communication Center9