How severe is CVE-2025-22862?

CVE-2025-22862 has a CVSS v3 score of 6.7 (MEDIUM).

CVE-2025-22862

Name: fortiproxy
Author: fortinet

6.7MEDIUM

An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] in FortiOS 7.4.0 through 7.4.7, 7.2.0 through 7.2.11, 7.0.6 and above; and FortiProxy 7.6.0 through 7.6.2, 7.4.0 thr

发布于: 10/2/2025更新于: 10/15/2025

描述

An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] in FortiOS 7.4.0 through 7.4.7, 7.2.0 through 7.2.11, 7.0.6 and above; and FortiProxy 7.6.0 through 7.6.2, 7.4.0 through 7.4.8, 7.2 all versions, 7.0.5 and above may allow an authenticated attacker to elevate their privileges via triggering a malicious Webhook action in the Automation Stitch component.

AI分析AI驱动

受影响产品

fortinetfortios

fortinetfortiproxy

参考资料

https://fortiguard.fortinet.com/psirt/FG-IR-24-385
Vendor Advisory