- Description
- A weak authentication vulnerability in Fortinet FortiPAM 1.5.0, FortiPAM 1.4.0 through 1.4.2, FortiPAM 1.3 all versions, FortiPAM 1.2 all versions, FortiPAM 1.1 all versions, FortiPAM 1.0 all versions, and FortiSwitchManager 7.2.0 through 7.2.4 allows an attacker to execute unauthorized code or commands via specially crafted HTTP requests.
- Source
- psirt@fortinet.com
- NVD status
- Modified
- Products
- fortipam, fortiswitchmanager
CVSS 3.1
- Type
- Primary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
- psirt@fortinet.com
- CWE-1390
🚨 FortiSwitchManager [—] Jan 26, 2026 Security Advisory Report: Recent Authentication Bypass Vulnerability (CVE-2025-49201) Check out our Threat Intelligence Platform: https://t.co/QuwNtEhw6z #ThreatIntelligence #Innovation https://t.co/SaNySNqXir
@transilienceai
26 Jan 2026
CVE-2025-49201 A weak authentication in Fortinet FortiPAM 1.5.0, 1.4.0 through 1.4.2, 1.3.0 through 1.3.1, 1.2.0, 1.1.0 through 1.1.2, 1.0.0 through 1.0.3, FortiSwitchManager 7.2.0 … https://t.co/FOFtCjzL6X
@CVEnew
16 Oct 2025
⚠️Vulnerabilities in Fortinet products ❗CVE-2025-49201 ❗CVE-2025-57741 ❗CVE-2024-33507 ➡️More info: https://t.co/LAFZstxQ6m https://t.co/Nf7Dgsk0y6
@CERTpy
16 Oct 2025
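Fortinet has issued an urgent advisory after a critical vulnerability (CVE-2025-49201) that could allow authentication to be bypassed entirely was discovered in its FortiPAM (privileged access management solution) and FortiSwitch Manager.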
@yousukezan
14 Oct 2025
**CVE-2025-49201** pertains to a **weak authentication mechanism** in multiple versions of **Fortinet FortiPAM** (versions 1.0.0 through 1.5.0) and **FortiSwitchManager** (versions 7.2.0 through 7.2.4). This weakness allows an attacker to **execute arbitrary code or commands**
@CveTodo
14 Oct 2025
[
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:fortinet:fortipam:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "6C39FBB2-E81C-4207-AFDD-080EC80F00A3",
            "versionEndExcluding": "1.4.3",
            "versionStartIncluding": "1.0.0",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:fortinet:fortipam:1.5.0:*:*:*:*:*:*:*",
            "matchCriteriaId": "0401C6C0-DC87-4728-873E-6DA489C859A8",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:fortinet:fortiswitchmanager:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "EA41837A-E903-4B24-98C1-79B7142DCF37",
            "versionEndExcluding": "7.2.5",
            "versionStartIncluding": "7.2.0",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ]
  }
]