CVE-2025-49201

CWE-1390 | 4 documents | 4 sources
Severity: 9.8 CRITICAL
EPSS: 0.1% (top 76.24%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Oct 14

Description

A weak authentication vulnerability in Fortinet FortiPAM 1.5.0, FortiPAM 1.4.0 through 1.4.2, FortiPAM 1.3 all versions, FortiPAM 1.2 all versions, FortiPAM 1.1 all versions, FortiPAM 1.0 all versions, and FortiSwitchManager 7.2.0 through 7.2.4 allows an attacker to execute unauthorized code or commands via specially crafted HTTP requests.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 2.2 | Impact: 5.9

Affected Packages (4 packages)

NVD | fortinet/fortipam | 1.0.0 | 1.4.3 | +1
CVEListV5 | fortinet/fortipam | 1.4.0 | 1.4.2 | +5
NVD | fortinet/fortiswitchmanager | 7.2.0 | 7.2.5
CVEListV5 | fortinet/fortiswitchmanager | 7.2.0 | 7.2.4

🔴 Vulnerability Details (2)

GHSA | GHSA-45jf-r23j-3xm6: A weak authentication in Fortinet FortiPAM 1 | 2025-10-14
CVEList | CVE-2025-49201: A weak authentication vulnerability in Fortinet FortiPAM 1 | 2025-10-14

📋 Vendor Advisories (1)

Fortinet | Weak authentication in WAD/GUI | 2025-10-14
CVE-2025-49201 (CRITICAL CVSS 9.8) | A weak authentication vulnerability | cvebase.io