Critical FortiOS Flaw Allows Unauthorized Access and Full Device Takeover

Fortinet has disclosed a critical vulnerability in FortiOS, tracked as CVE-2025-22252 (Missing Authentication for Critical Function) and rated 9.0 on the CVSS scale. An attacker who knows an existing administrator account can bypass authentication and access the device as that administrator, which amounts to full device takeover.

The flaw affects FortiOS, FortiProxy and FortiSwitchManager deployments configured to use a remote TACACS+ server for authentication. It was reported by Cam B of Vital and Matheus of NBS Telecom, and Fortinet has published fixed releases along with its advisory.

Which products are affected? Let's find out.

The advisory lists twelve product branches, of which four (across three products) are affected. Here is how Fortinet summarizes the affected versions and the action to take.

Affected versions                     Remedy
FortiOS 7.6.0                         Upgrade to 7.6.1 or above
FortiOS 7.4.4 through 7.4.6           Upgrade to 7.4.7 or above
FortiProxy 7.6.0 through 7.6.1        Upgrade to 7.6.2 or above
FortiSwitchManager 7.2.5              Upgrade to 7.2.6 or above

Fortinet states that the vulnerability is limited to TACACS+ configurations that use ASCII authentication; PAP, MSCHAP and CHAP configurations are not affected. For organizations that cannot upgrade right away, the advisory also describes workarounds, which come down to not using ASCII authentication against the remote TACACS+ server.
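The two checks a practitioner actually needs here are whether a device runs an affected build and whether any of its TACACS+ servers is configured for ASCII authentication. The script below is an added example written for this article; it is not Fortinet's code and not part of the advisory. It assumes the version ranges in the table above, a configuration dump in the plain `config user tacacs+ / edit / set / next / end` layout that the FortiOS CLI prints for `show user tacacs+`, and it treats a server with no explicit `set authen-type` line (so the device default applies) as "review" rather than guessing, since the article only says that ASCII is affected and PAP, MSCHAP and CHAP are not. The sample configuration is constructed for the example.

```python
"""Exposure check for CVE-2025-22252 (added example, not Fortinet's code).

Two independent questions:
  1. Is this product/version inside an affected range?
  2. Which TACACS+ servers use ASCII authentication?
"""
import re

# Affected version ranges (inclusive), taken from the advisory table in the article.
AFFECTED = {
    "FortiOS": [((7, 6, 0), (7, 6, 0)), ((7, 4, 4), (7, 4, 6))],
    "FortiProxy": [((7, 6, 0), (7, 6, 1))],
    "FortiSwitchManager": [((7, 2, 5), (7, 2, 5))],
}

# Authentication types the article reports as not affected.
SAFE_TYPES = {"pap", "chap", "mschap"}


def parse_version(text):
    """'v7.4.5' or '7.4.5' -> (7, 4, 5); raises ValueError on anything else."""
    m = re.fullmatch(r"v?(\d+)\.(\d+)\.(\d+)", text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(x) for x in m.groups())


def version_affected(product, version):
    """True if (product, version) falls inside one of the advisory's ranges."""
    ver = parse_version(version)
    return any(lo <= ver <= hi for lo, hi in AFFECTED.get(product, []))


def tacacs_authen_types(config_text):
    """Return {server_name: authen_type or None} from the `config user tacacs+` block.

    None means the entry has no `set authen-type` line, so the device default applies.
    Other `config ... end` blocks in the dump are skipped.
    """
    result = {}
    in_block, depth, current = False, 0, None
    for raw in config_text.splitlines():
        line = raw.strip()
        if not in_block:
            if line == "config user tacacs+":
                in_block, depth = True, 1
            continue
        if line.startswith("config "):          # nested table inside an entry
            depth += 1
        elif line == "end":
            depth -= 1
            if depth == 0:                      # closing `end` of the tacacs+ block
                break
        elif depth == 1:
            m = re.fullmatch(r'edit "?([^"]+)"?', line)
            if m:
                current = m.group(1)
                result[current] = None
            elif line == "next":
                current = None
            elif current and line.startswith("set authen-type "):
                result[current] = line.split(None, 2)[2].strip().lower()
    return result


def classify(authen_type):
    """Map a `set authen-type` value to a verdict based on the article's statement."""
    if authen_type == "ascii":
        return "vulnerable"
    if authen_type in SAFE_TYPES:
        return "not affected"
    return "review"  # default/auto or unknown value: confirm against the advisory


def assess(product, version, config_text):
    """Combine both checks into one report dict."""
    servers = [(name, t, classify(t)) for name, t in tacacs_authen_types(config_text).items()]
    return {"version_affected": version_affected(product, version), "servers": servers}


# Constructed sample dump; server names and addresses are made up (RFC 5737 range).
SAMPLE_CONFIG = """\
config system global
    set hostname "fw-edge-01"
end
config user tacacs+
    edit "tac-primary"
        set server "192.0.2.10"
        set key ENC REDACTED
        set authen-type ascii
    next
    edit "tac-backup"
        set server "192.0.2.11"
        set key ENC REDACTED
        set authen-type mschap
    next
    edit "tac-legacy"
        set server "192.0.2.12"
        set key ENC REDACTED
    next
end
config user radius
    edit "rad-1"
        set server "192.0.2.20"
    next
end
"""

if __name__ == "__main__":
    report = assess("FortiOS", "v7.4.5", SAMPLE_CONFIG)
    print(f"version affected: {report['version_affected']}")
    for name, t, verdict in report["servers"]:
        print(f"  {name:12} authen-type={t or '(default)':10} -> {verdict}")
```

Run it against the output of `show user tacacs+` and `get system status` from a real device; any server reported as "vulnerable" on an affected build needs either the upgrade from the table or its `authen-type` changed to one of the methods the article lists as unaffected. The "review" verdict is deliberate: the example does not assume what an unspecified or `auto` setting negotiates, so those entries are left for the operator to confirm against Fortinet's advisory.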

As an experienced cyber security provider, Secucenter has seen how large cybersecurity vendors and their products are targeted as a route to client data. Staying secure is not a one-time task but a recurring requirement that needs attention. If you are an MSSP, our dedicated SOC services are here to provide that extra layer of protection to your clients against current and future threats.

sreekanth

Sreekanth is a Technical and Professional Services Manager with 12 years of experience in managing IT infrastructures across on-premises, hybrid, and cloud environments. Sreekanth is also deeply passionate about cybersecurity, bringing a forward-thinking approach to building secure and resilient systems.