Primary

Context

Fortinet FortiProxy, FortiSwitchManager, and FortiOS Authentication Bypass Vulnerability Allowing Admin Access

Vulnerability

An authentication bypass vulnerability has been identified in Fortinet FortiProxy versions 7.6.0 through 7.6.1, FortiSwitchManager version 7.2.5, and FortiOS versions 7.4.4 through 7.4.6 and 7.6.0. This vulnerability allows an attacker with knowledge of an existing admin account to bypass authentication and gain access to the device as a valid admin.

Impact

Exploitation of this vulnerability could lead to unauthorized access to the device with admin privileges.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

6.8

impact

5.0

exploitability

4.9

remediation

0.0

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

6.8

impact

5.0

exploitability

4.9

remediation

0.0

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Fortinet FortiProxy, FortiSwitchManager, and FortiOS Authentication Bypass Vulnerability Allowing Admin Access

Vulnerability

Impact

Affected Products

Fortinet FortiProxy

Fortinet FortiSwitchManager

Fortinet FortiOS

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating