{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-14T20:43:23.265","vulnerabilities":[{"cve":{"id":"CVE-2025-22254","sourceIdentifier":"psirt@fortinet.com","published":"2025-06-10T17:21:08.420","lastModified":"2026-01-14T14:16:11.733","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An Improper Privilege Management vulnerability [CWE-269] vulnerability in Fortinet FortiOS 7.6.0 through 7.6.1, FortiOS 7.4.0 through 7.4.6, FortiOS 7.2.0 through 7.2.10, FortiOS 7.0.0 through 7.0.16, FortiOS 6.4.0 through 6.4.15, FortiProxy 7.6.0 through 7.6.1, FortiProxy 7.4.0 through 7.4.7, FortiWeb 7.6.0 through 7.6.1, FortiWeb 7.4.0 through 7.4.6 allows an authenticated attacker with at least read-only admin permissions to gain super-admin privileges via crafted requests to Node.js websocket module."},{"lang":"es","value":"Una vulnerabilidad de administración inadecuada de privilegios [CWE-269] que afecta a Fortinet FortiOS versión 7.6.0 a 7.6.1, 7.4.0 a 7.4.6, 7.2.0 a 7.2.10, 7.0.0 a 7.0.16 y anteriores a 6.4.15, FortiProxy versión 7.6.0 a 7.6.1 y anteriores a 7.4.7 y FortiWeb versión 7.6.0 a 7.6.1 y anteriores a 7.4.6 permite que un atacante autenticado con al menos permisos de administrador de solo lectura obtenga privilegios de superadministrador a través de solicitudes manipuladas al módulo websocket Node.js."}],"metrics":{"cvssMetricV31":[{"source":"psirt@fortinet.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H","baseScore":6.6,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":0.7,"impactScore":5.9},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","baseScore":7.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.2,"impactScore":5.9}]},"weaknesses":[{"source":"psirt@fortinet.com","type":"Secondary","description":[{"lang":"en","value":"CWE-269"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*","versionStartIncluding":"6.4.0","versionEndExcluding":"6.4.16","matchCriteriaId":"B481963F-0415-42C8-BB38-C1A8BDF4B9F7"},{"vulnerable":true,"criteria":"cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*","versionStartIncluding":"7.0.0","versionEndExcluding":"7.0.17","matchCriteriaId":"BD357034-B2FD-4C2E-97FE-2C54D686D885"},{"vulnerable":true,"criteria":"cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*","versionStartIncluding":"7.2.0","versionEndExcluding":"7.2.11","matchCriteriaId":"4386465B-EFF9-41BA-B393-82135A2591DE"},{"vulnerable":true,"criteria":"cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*","versionStartIncluding":"7.4.0","versionEndExcluding":"7.4.7","matchCriteriaId":"DE7A88C9-8466-4414-AECB-0689F23108CD"},{"vulnerable":true,"criteria":"cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*","versionStartIncluding":"7.6.0","versionEndExcluding":"7.6.2","matchCriteriaId":"8563B77B-03AB-4ED2-BE70-DCF636FE0B60"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*","versionStartIncluding":"7.4.0","versionEndExcluding":"7.4.8","matchCriteriaId":"AE578F21-0BE9-45BB-AE21-494308FF96B6"},{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*","versionStartIncluding":"7.6.0","versionEndExcluding":"7.6.2","matchCriteriaId":"C6E32BEB-8804-452C-A054-DD9FFCC8B796"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortiweb:*:*:*:*:*:*:*:*","versionStartIncluding":"7.4.0","versionEndExcluding":"7.4.7","matchCriteriaId":"F78CFE46-966D-4E2A-AF02-B8C1A2F74C67"},{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortiweb:*:*:*:*:*:*:*:*","versionStartIncluding":"7.6.0","versionEndExcluding":"7.6.2","matchCriteriaId":"982B5FFC-F28C-4B81-BDDF-D9CA9F65D31E"}]}]}],"references":[{"url":"https://fortiguard.fortinet.com/psirt/FG-IR-25-006","source":"psirt@fortinet.com","tags":["Vendor Advisory"]}]}}]}