CNNVD-202506-3803 Information

Jun 10, 2025 cve

CNNVD ID

CNNVD-202506-3803

CVE-2025-22862

CNNVD Published: 2025-06-10

Description (Chinese)

Fortinet FortiOS是美国飞塔（Fortinet）公司的一套专用于FortiGate网络安全平台上的安全操作系统。该系统为用户提供防火墙、防病毒、IPSec/SSLVPN、Web内容过滤和反垃圾邮件等多种安全功能。 Fortinet FortiOS存在安全漏洞，该漏洞源于automation-stitch功能对权限控制不当，攻击者可绕过限制实现权限提升。

Description (English)

Fortinet FortiOS is a security operating system dedicated to the FortiGate network security platform of the United States of America. The system provides a wide range of security features for users, including firewalls, anti-virus, IPSEc/SSLVPN, Web content filters and anti-spam. Fortinet FortiOS has a security loophole, which stems from the inappropriate control of authority by the Automation-stitch function and the ability of the assailant to circumvent the restriction to achieve a higher authority.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

飞塔

Published

2025-06-10

Last Modified

2026-02-24

References

https://fortiguard.fortinet.com/psirt/FG-IR-24-385 https://access.redhat.com/security/cve/cve-2025-22862 https://vigilance.fr/vulnerability/FortiOS-privilege-escalation-via-automation-stitch-47389

Share on: