PT-2025-26328 · Fortinet · Fortiproxy+1
Published: 2025-06-10 · Updated: 2025-10-15
CVE-2025-22862
CVSS v3.1: 6.7 (Medium)
Vector: AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions:
FortiOS versions 7.2
FortiProxy versions 7.2
Description:
An authentication bypass issue exists in FortiOS and FortiProxy due to a flaw in the Automation Stitch component. An authenticated attacker can elevate privileges by triggering a malicious Webhook action.
Recommendations:
FortiOS version 7.2: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
FortiProxy version 7.2: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
LPE
Authentication Bypass Using an Alternate Path or Channel
Weakness Enumeration
Related Identifiers
Affected Products
FortiOS
FortiProxy