Unrated severity · NVD Advisory · Published Jun 10, 2025 · Updated Feb 26, 2026
CVE-2025-22254
Description
An Improper Privilege Management vulnerability [CWE-269] in Fortinet FortiOS 7.6.0 through 7.6.1, FortiOS 7.4.0 through 7.4.6, FortiOS 7.2.0 through 7.2.10, FortiOS 7.0.0 through 7.0.16, FortiOS 6.4.0 through 6.4.15, FortiProxy 7.6.0 through 7.6.1, FortiProxy 7.4.0 through 7.4.7, FortiWeb 7.6.0 through 7.6.1, and FortiWeb 7.4.0 through 7.4.6 allows an authenticated attacker with at least read-only admin permissions to gain super-admin privileges via crafted requests to the Node.js websocket module.
Affected products
- cpe:2.3:a:fortinet:fortiproxy:7.6.1:*:*:*:*:*:*:* (range: 7.6.0)
- (no CPE) range: >=7.4.0, <=7.4.7; >=7.6.0, <=7.6.1
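
An inventory check built from the affected ranges in the Description, added here as an example and not part of the advisory or any Fortinet tooling. The hostnames, the inventory row format and the function names are assumptions; a version outside the listed ranges is reported as not listed, which is not a statement that it is fixed.

```python
# Added example: affected ranges copied from the advisory Description.
AFFECTED = {
    "FortiOS": [("7.6.0", "7.6.1"), ("7.4.0", "7.4.6"), ("7.2.0", "7.2.10"),
                ("7.0.0", "7.0.16"), ("6.4.0", "6.4.15")],
    "FortiProxy": [("7.6.0", "7.6.1"), ("7.4.0", "7.4.7")],
    "FortiWeb": [("7.6.0", "7.6.1"), ("7.4.0", "7.4.6")],
}

def parse_version(text):
    """Turn '7.4.6' or 'v7.4.6' into (7, 4, 6); raise ValueError on anything else."""
    parts = text.strip().lstrip("vV").split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised version: {text!r}")
    return tuple(int(p) for p in parts)

def is_affected(product, version):
    """True if version is inside a listed range; numeric compare so 7.2.10 > 7.2.9."""
    v = parse_version(version)
    key = product.lower()
    for name, ranges in AFFECTED.items():
        if name.lower() == key:
            return any(parse_version(lo) <= v <= parse_version(hi) for lo, hi in ranges)
    return False  # product not named in the advisory

def triage(inventory):
    """Split (host, product, version) rows into affected, not_listed and unparsed."""
    result = {"affected": [], "not_listed": [], "unparsed": []}
    for host, product, version in inventory:
        try:
            bucket = "affected" if is_affected(product, version) else "not_listed"
        except ValueError:
            bucket = "unparsed"  # review by hand rather than assume safe
        result[bucket].append(host)
    return result

# Constructed sample inventory (hostnames and versions are made up).
SAMPLE = [
    ("fw-edge-01", "FortiOS", "7.2.10"),
    ("fw-edge-02", "FortiOS", "7.2.11"),
    ("proxy-01", "fortiproxy", "v7.4.7"),
    ("waf-01", "FortiWeb", "7.4.7"),
    ("fw-lab-01", "FortiOS", "7.4.x"),
]

if __name__ == "__main__":
    print(triage(SAMPLE))
```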