IronMonkey Threat Research

CVE-2025-22862 MEDIUM

Published: 2025-10-02 | Last Modified: 2026-06-09 | Status: Modified

Description

An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] in FortiOS 7.4.0 through 7.4.7, 7.2.0 through 7.2.11, 7.0.6 and above; and FortiProxy 7.6.0 through 7.6.2, 7.4.0 through 7.4.8, 7.2 all versions, 7.0.5 and above may allow an authenticated attacker to elevate their privileges by triggering a malicious Webhook action in the Automation Stitch component.

CVSS Metrics

Base Score: 6.7 (MEDIUM)

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: HIGH
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

Source: [email protected]

Type: Primary

Exploitability Score: 0.8

Impact Score: 5.9

Weaknesses

Source              Type       Description
[email protected]   Secondary  CWE-288

Affected Products

Vendor    Product     Version  Type
fortinet  fortios     *        Operating System
fortinet  fortiproxy  *        Application

Affected Configurations

Operator: OR

Vulnerable CPE
Yes cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*