https://cve.circl.lu/comments/feed 2025-09-18T12:23:24.027881+00:00 Vulnerability-Lookup info@circl.lu python-feedgen Contains only the most 10 recent comments. https://cve.circl.lu/comment/48d3bc1d-ce6b-4a0d-93f6-aec07945969d 2025-09-18T12:23:24.033369+00:00 Cédric Bonhomme http://cve.circl.lu/user/cedric ### Risks FortiOS, FortiProxy, and FortiSwitchManager are core components of Fortinet’s network security and management infrastructure, which provide firewalling, proxy services, and centralized switch management. CVE-2025-22252 is a missing authentication vulnerability that allows an unauthenticated attacker with knowledge of an existing admin account to access the device as a valid admin. Exploitation of this flaw could grant attackers unauthorized control over network infrastructure, threatening confidentiality through data exposure, integrity via configuration tampering, and availability by disrupting critical services. ### Description CVE-2025-22252 is a missing authentication for critical function vulnerability in devices configured to use a remote TACACS+ server for authentication configured to use ASCII authentication. It may allow an attacker with knowledge of an existing admin account to access the device as a valid admin via an authentication bypass, potentially resulting in complete system compromise, data theft and service disruption. 2025-05-15T12:16:29.052130+00:00