Authentication Bypass Vulnerability in Fortinet's FortiOS and FortiProxy Products
CVE-2025-22862

6.3MEDIUM

Key Information:

Vendor

Fortinet

Vendor
CVE Published:
2 October 2025

What is CVE-2025-22862?

An Authentication Bypass vulnerability exists in FortiOS and FortiProxy where an authenticated attacker could exploit the Automation Stitch component by triggering a malicious Webhook action, leading to the potential escalation of privileges. This flaw is present in several versions of the Fortinet products, making it critical for users to assess their environments and apply necessary mitigations.

Affected Version(s)

FortiOS 7.4.0 <= 7.4.7

FortiOS 7.2.0 <= 7.2.11

FortiOS 7.0.6 <= 7.0.17

References

CVSS V3.1

Score:
6.3
Severity:
MEDIUM
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2025-22862 : Authentication Bypass Vulnerability in Fortinet's FortiOS and FortiProxy Products