CVE Catalog

CVE-2025-22862

MediumCVSS 6.7
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.03%

8th percentile - higher than 8% of all known CVEs

Summary

FortiOS and FortiProxy have an authentication bypass vulnerability that may allow an authenticated attacker to elevate their privileges by triggering a malicious Webhook action in the Automation Stitch component.

Risk Assessment

An attacker with existing access could gain elevated privileges, posing a serious threat to the security of the system and organizational data.

Recommendation

It is recommended to update to the latest version of FortiOS and FortiProxy to mitigate this vulnerability and to monitor logs for potential exploitation attempts.

Original NVD description (English source)

An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] in FortiOS 7.4.0 through 7.4.7, 7.2.0 through 7.2.11, 7.0.6 and above; and FortiProxy 7.6.0 through 7.6.2, 7.4.0 through 7.4.8, 7.2 all versions, 7.0.5 and above may allow an authenticated attacker to elevate their privileges via triggering a malicious Webhook action in the Automation Stitch component.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS