CVE-2025-49201_CVE-2025-49201

7.4 / 10

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:U/RC:R

Description

A weak authentication in Fortinet FortiPAM 1.5.0, 1.4.0 through 1.4.2, 1.3.0 through 1.3.1, 1.2.0, 1.1.0 through 1.1.2, 1.0.0 through 1.0.3, FortiSwitchManager 7.2.0 through 7.2.4 allows attacker to execute unauthorized code or commands via specially crafted http requests

Basic Information

ID CVE-2025-49201

Source fortinet

Published Oct 14, 2025 at 15:22

Affected Product

Vendor Fortinet

Product FortiPAM

Version 1.5.0

Affected Versions Fortinet FortiPAM 1.5.0
Fortinet FortiPAM 1.4.0
Fortinet FortiPAM 1.3.0
Fortinet FortiPAM 1.2.0
Fortinet FortiPAM 1.1.0
Fortinet FortiPAM 1.0.0
Fortinet FortiSwitchManager 7.2.0

CWE Classification

CWE-1390

References

fortiguard.fortinet.com /psirt/FG-IR-25-010

{
    "lastseen": "",
    "description": "A weak authentication in Fortinet FortiPAM 1.5.0, 1.4.0 through 1.4.2, 1.3.0 through 1.3.1, 1.2.0, 1.1.0 through 1.1.2, 1.0.0 through 1.0.3, FortiSwitchManager 7.2.0 through 7.2.4 allows attacker to execute unauthorized code or commands via specially crafted http requests",
    "published": "2025-10-14T15:22:44.720Z",
    "modified": "2025-10-14T15:22:44.720Z",
    "type": "cve",
    "title": "CVE-2025-49201",
    "source": "fortinet",
    "references": "https://fortiguard.fortinet.com/psirt/FG-IR-25-010",
    "id": "CVE-2025-49201",
    "bulletinFamily": "",
    "cwe": [
        "CWE-1390"
    ],
    "cvelist": null,
    "sourceData": "Fortinet FortiPAM 1.5.0\nFortinet FortiPAM 1.4.0\nFortinet FortiPAM 1.3.0\nFortinet FortiPAM 1.2.0\nFortinet FortiPAM 1.1.0\nFortinet FortiPAM 1.0.0\nFortinet FortiSwitchManager 7.2.0",
    "sourceHref": "",
    "cvss": {
        "score": 7.4,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:U/RC:R",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "FortiPAM",
    "version": "1.5.0",
    "vendor": "Fortinet",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}