Weak Authentication Vulnerability in Fortinet FortiPAM and FortiSwitchManager
CVE-2025-49201

7.4 HIGH

Key Information:

Vendor: Fortinet

CVE Published: 14 October 2025

What is CVE-2025-49201?

A vulnerability in Fortinet's FortiPAM and FortiSwitchManager products stems from weak authentication. An attacker can exploit affected versions by sending specially crafted HTTP requests, potentially leading to the execution of unauthorized code or commands. Users are advised to apply mitigations and check for software updates to protect against this vulnerability.

Affected Version(s)

FortiPAM 1.5.0

FortiPAM 1.4.0 through 1.4.2

FortiPAM 1.3.0 through 1.3.1

CVSS V3.1

Score: 7.4
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
