CVE-2025-22254 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

An Improper Privilege Management vulnerability [CWE-269] vulnerability in Fortinet FortiOS 7.6.0 through 7.6.1, FortiOS 7.4.0 through 7.4.6, FortiOS 7.2.0 throu…
Medium CVSS: 6.6

CVE-2025-22254

An Improper Privilege Management vulnerability [CWE-269] vulnerability in Fortinet FortiOS 7.6.0 through 7.6.1, FortiOS 7.4.0 through 7.4.6, FortiOS 7.2.0 through 7.2.10, FortiOS 7.0.0 through 7.0.16, FortiOS 6.4.0 through 6.4.15, FortiProxy 7.6.0 through 7.6.1, FortiProxy 7.4.0 through 7.4.7, FortiWeb 7.6.0 through 7.6.1, FortiWeb 7.4.0 through 7.4.6 allows an authenticated attacker with at least read-only admin permissions to gain super-admin privileges via crafted requests to Node.js websocket module.
Vendor
Fortinet
Product
Fortios
CWE
CWE-269
Yayın Tarihi
2025-06-10 17:21:08
Güncelleme
2026-01-14 14:16:11
Source Identifier
psirt@fortinet.com
KEV Date Added
-

Kategoriler

CWE-269 Fortios MEDIUM Fortinet 2025

Referanslar

https://fortiguard.fortinet.com/psirt/FG-IR-25-006