Warning: CVE-2025-22252 Missing Authentication Vulnerability in FortiOS, FortiProxy, and FortiSwitchManager leads to Unauthenticated Admin Access; Patch Immediately!

Published: 14/05/2025
  • Last update: 14/05/2025
  • Affected software:
    → FortiOS (7.6.0, 7.4.4 through 7.4.6)
    → FortiProxy (7.6.0 through 7.6.1)
    → FortiSwitchManager (7.2.5)
  • Type:
    → Missing authentication for critical function
  • CVE/CVSS:
    → CVE-2025-22252: CVSS 9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

Sources

https://www.fortiguard.com/psirt/FG-IR-24-472

Risks

FortiOS, FortiProxy, and FortiSwitchManager are core components of Fortinet’s network security and management infrastructure, which provide firewalling, proxy services, and centralized switch management.

CVE-2025-22252 is a missing authentication vulnerability that allows an unauthenticated attacker with knowledge of an existing admin account to access the device as a valid admin. Exploitation of this flaw could grant attackers unauthorized control over network infrastructure, threatening confidentiality through data exposure, integrity via configuration tampering, and availability by disrupting critical services.

Description

CVE-2025-22252 is a missing authentication for critical function vulnerability affecting devices that authenticate administrators against a remote TACACS+ server and have that TACACS+ configuration set to ASCII authentication. It may allow an attacker with knowledge of an existing admin account name to access the device as a valid admin via an authentication bypass, potentially resulting in complete system compromise, data theft and service disruption.
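To triage exposure to this advisory a defender needs two answers: is the running version inside one of the affected ranges, and does the device actually rely on TACACS+ with ASCII authentication. The following Python script is an added example written for this page, not Fortinet's or the CCB's code. The version ranges are taken verbatim from the advisory; the configuration layout it parses (a `config user tacacs+` block with `edit "<name>"` entries and a `set authen-type <type>` line) is an assumption about the shape of a CLI configuration export, and the sample configuration is constructed for the example.

```python
import re

# Affected version ranges, inclusive, exactly as listed in the advisory.
AFFECTED_RANGES = {
    "FortiOS": [("7.6.0", "7.6.0"), ("7.4.4", "7.4.6")],
    "FortiProxy": [("7.6.0", "7.6.1")],
    "FortiSwitchManager": [("7.2.5", "7.2.5")],
}

# Accepts "7.4.5", "v7.4.5" or "7.4.5 build2702"; trailing build info is ignored.
_VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)\b")


def parse_version(text):
    """Turn a version string into a comparable (major, minor, patch) tuple."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(x) for x in m.groups())


def is_affected_version(product, version):
    """True when the product/version pair falls inside an affected range."""
    if product not in AFFECTED_RANGES:
        raise ValueError(f"product not covered by this advisory: {product!r}")
    v = parse_version(version)
    return any(parse_version(lo) <= v <= parse_version(hi)
               for lo, hi in AFFECTED_RANGES[product])


def tacacs_ascii_servers(config_text):
    """Return the names of TACACS+ entries that explicitly set ASCII authentication.

    Assumed (hypothetical) export layout: 'config user tacacs+' opens the block,
    each server is an 'edit "<name>"' ... 'next' entry, and the authentication
    type appears as 'set authen-type <type>'. Entries with no explicit
    authen-type line are not reported, because their default is not known here.
    """
    in_block = False
    current = None
    ascii_entries = []
    for raw in config_text.splitlines():
        line = raw.strip()
        if line == "config user tacacs+":
            in_block = True
        elif not in_block:
            continue
        elif line == "end":
            in_block = False
        elif line.startswith("edit "):
            current = line[len("edit "):].strip().strip('"')
        elif line == "next":
            current = None
        elif line.startswith("set authen-type ") and current is not None:
            if line.split()[2].lower() == "ascii":
                ascii_entries.append(current)
    return ascii_entries


def assess(product, version, config_text):
    """Combine the two preconditions the advisory names into one verdict."""
    vuln_version = is_affected_version(product, version)
    ascii_servers = tacacs_ascii_servers(config_text)
    return {
        "affected_version": vuln_version,
        "ascii_tacacs_servers": ascii_servers,
        # Exposed only when both the version and the ASCII TACACS+ setup apply.
        "exposed": vuln_version and bool(ascii_servers),
    }


# Constructed sample configuration (not a real export): one ASCII entry, one PAP entry.
SAMPLE_CONFIG = """\
config user tacacs+
    edit "tacacs-prod"
        set server "192.0.2.10"
        set authen-type ascii
    next
    edit "tacacs-backup"
        set server "192.0.2.11"
        set authen-type pap
    next
end
config system global
    set hostname "fw-edge-01"
end
"""

if __name__ == "__main__":
    print(assess("FortiOS", "7.4.5 build2702", SAMPLE_CONFIG))
```

Run it against a saved configuration export and the version string from the device; a result with `"exposed": True` means the device should be patched first. A device on an affected version but with no ASCII TACACS+ entry still needs the update, since the check only reflects the precondition named in the advisory, not any other change in the patched release.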

Recommended Actions

Patch
The Centre for Cybersecurity Belgium strongly recommends installing updates for vulnerable devices with the highest priority, after thorough testing.

Monitor/Detect
The CCB recommends that organizations scale up their monitoring and detection capabilities to identify any related suspicious activity, ensuring a swift response in case of an intrusion.

In case of an intrusion, you can report an incident via: https://ccb.belgium.be/cert/report-incident.

While patching appliances or software to the newest version may provide safety from future exploitation, it does not remediate historic compromise.

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22252