
[Security Vulnerability Alert] Fortinet FortiPAM and FortiSwitchManager have a high-risk security vulnerability (CVE-2025-49201). Please confirm and patch it as soon as possible.

Type: Administrative Announcement
Publish Date: 2025/10/23 to 2026/04/23

Forwarded from the National Information Security Information Sharing and Analysis Center (NISAC-200-202510-00000158)

[Description]
Researchers have discovered a weak authentication vulnerability (CVE-2025-49201) in the Fortinet FortiPAM and FortiSwitchManager GUIs. Unauthenticated remote attackers can bypass the authentication process and log into the system through brute force, potentially executing unauthorized commands. Please verify and patch this vulnerability as soon as possible.

[Affected Platforms]
● FortiPAM version 1.5.0
● FortiPAM versions 1.4.0 to 1.4.2
● FortiPAM 1.3 (all versions)
● FortiPAM 1.2 (all versions)
● FortiPAM 1.1 (all versions)
● FortiPAM 1.0 (all versions)
● FortiSwitchManager versions 7.2.0 to 7.2.4

[Recommended Action]
An official update has been released to address this vulnerability. Please refer to the official instructions for updating: https://fortiguard.fortinet.com/psirt/FG-IR-25-010

[References]
1. https://nvd.nist.gov/vuln/detail/CVE-2025-49201
2. https://fortiguard.fortinet.com/psirt/FG-IR-25-010
