CVE-2025-22254 Information

Description

An Improper Privilege Management vulnerability [CWE-269] affecting Fortinet FortiOS version 7.6.0 through 7.6.1 7.4.0 through 7.4.6 7.2.0 through 7.2.10 7.0.0 through 7.0.16 and before 6.4.15 FortiProxy version 7.6.0 through 7.6.1 and before 7.4.7 & FortiWeb version 7.6.0 through 7.6.1 and before 7.4.6 allows an authenticated attacker with at least read-only admin permissions to gain super-admin privileges via crafted requests to Node.js websocket module.

Reference

https://fortiguard.fortinet.com/psirt/FG-IR-25-006