By: RedLegg's Cyber Threat Intelligence Team
About:
RedLegg will occasionally communicate vulnerabilities released outside the usual release schedule to provide additional value to our customers. These emergency bulletins describe vulnerabilities or threats that we classify at the highest severity level and that warrant out-of-band emergency patching or mitigation action.
VULNERABILITIES
Fortinet TACACS+ Authentication Bypass Vulnerability
CVSS Score: 9.0 (Critical)
Identifier: CVE-2025-22252
Exploit or POC: No
Update: CVE-2025-22252 – Fortinet Security Advisory
Description: CVE-2025-22252 is a critical vulnerability affecting Fortinet products configured to use TACACS+ with the ASCII authentication type. The flaw is a missing authentication check for a critical function, allowing an attacker who knows the name of an existing admin account to bypass authentication and gain administrative access to the device. The vulnerability specifically affects the GUI component of the affected products. Configurations using the PAP, MSCHAP, or CHAP authentication methods are not impacted.
Affected Versions:
- FortiOS versions 7.4.4 through 7.4.6, and 7.6.0
- FortiProxy versions 7.6.0 through 7.6.1
- FortiSwitchManager version 7.2.5
Mitigation Recommendation: Fortinet has released patches to address this vulnerability. Administrators are strongly advised to apply the updates immediately:
- Upgrade to FortiOS version 7.4.7 or later
- Upgrade to FortiProxy version 7.6.2 or later
- Upgrade to FortiSwitchManager version 7.2.6 or later
If immediate patching is not feasible, it is recommended to configure an alternate authentication method by setting authen-type to pap, mschap, or chap, or by unsetting the authen-type parameter.
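As an added defender-side check (not Fortinet tooling and not part of this bulletin), the Python below combines the affected-version ranges listed above with a scan of a FortiOS-style TACACS+ configuration block, flagging servers that are still explicitly set to the ASCII authentication type; the `config user tacacs+` / `set authen-type` CLI syntax is assumed from Fortinet's documentation, and the sample configuration is constructed for the example.

```python
import re

# CVE-2025-22252 exposure check (added example, not Fortinet tooling).
# Assumption: FortiOS CLI syntax 'config user tacacs+' / 'set authen-type ...'
# as documented by Fortinet; the sample config below is constructed.
# Affected ranges from the bulletin, inclusive (lo, hi).
AFFECTED = {
    "FortiOS": [((7, 4, 4), (7, 4, 6)), ((7, 6, 0), (7, 6, 0))],
    "FortiProxy": [((7, 6, 0), (7, 6, 1))],
    "FortiSwitchManager": [((7, 2, 5), (7, 2, 5))],
}

def version_affected(product, version):
    """True if product/version falls inside a range named by the advisory."""
    ver = tuple(int(x) for x in version.split("."))
    return any(lo <= ver <= hi for lo, hi in AFFECTED.get(product, []))

def ascii_tacacs_servers(config_text):
    """Names of TACACS+ servers explicitly set to authen-type ascii.
    pap/mschap/chap, or an unset authen-type, match the bulletin's workaround."""
    block = re.search(r"config user tacacs\+\n(.*?)\nend", config_text, re.S)
    if not block:
        return []
    hits = []
    for entry in re.finditer(r'edit "([^"]+)"\n(.*?)\n\s*next', block.group(1), re.S):
        name, body = entry.groups()
        atype = re.search(r"set authen-type (\S+)", body)
        if atype and atype.group(1) == "ascii":
            hits.append(name)
    return hits

def exposed(product, version, config_text):
    """Exposed only when the build is affected AND a server uses ascii auth."""
    return version_affected(product, version) and bool(ascii_tacacs_servers(config_text))

# Constructed sample: one ascii server (vulnerable), one pap, one unset.
SAMPLE_CONFIG = """config user tacacs+
    edit "tac-legacy"
        set server "192.0.2.10"
        set authen-type ascii
    next
    edit "tac-pap"
        set server "192.0.2.11"
        set authen-type pap
    next
    edit "tac-default"
        set server "192.0.2.12"
    next
end
"""
```

Run `exposed("FortiOS", "7.4.5", SAMPLE_CONFIG)` against a real backup only after confirming the block layout matches your export; a device is reported exposed only when both the build and at least one server's `authen-type` match the bulletin's conditions.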
Note: Given the critical severity and confirmed exploitation of this vulnerability, prompt action is essential to secure affected systems. Regularly reviewing and applying security updates is vital to maintaining the integrity and security of your infrastructure.