CVE-2025-49201

🗓️ 14 Oct 2025 15:22:44Reported by fortinetType

Weak authentication in FortiPAM and FortiSwitch enables unapproved code execution via web requests.

Reporter	Title	Published	Views	Family All 10
Circl	CVE-2025-49201	14 Oct 202518:25	–	circl
CNNVD	Fortinet FortiSwitchManager和Fortinet FortiPAM 安全漏洞	14 Oct 202500:00	–	cnnvd
CNVD	Fortinet FortiPAM OS Command Injection Vulnerability (CNVD-2025-24146)	16 Oct 202500:00	–	cnvd
Cvelist	CVE-2025-49201	14 Oct 202515:22	–	cvelist
EUVD	EUVD-2025-34245	14 Oct 202518:30	–	euvd
NVD	CVE-2025-49201	14 Oct 202516:15	–	nvd
Positive Technologies	PT-2025-41956	14 Oct 202500:00	–	ptsecurity
RedhatCVE	CVE-2025-49201	15 Oct 202515:47	–	redhatcve
The Hacker News	⚡ Weekly Recap: F5 Breached, Linux Rootkits, Pixnapping Attack, EtherHiding & More	20 Oct 202512:27	–	thn
Vulnrichment	CVE-2025-49201	14 Oct 202515:22	–	vulnrichment

NVD

Node

fortinet fortipamRange1.0.0–1.4.3

fortinet fortipamMatch1.5.0

Node

fortinet fortiswitchmanagerRange7.2.0–7.2.5

[
  {
    "vendor": "Fortinet",
    "product": "FortiPAM",
    "cpes": [
      "cpe:2.3:o:fortinet:fortipam:1.5.0:*:*:*:*:*:*:*",
      "cpe:2.3:o:fortinet:fortipam:1.4.2:*:*:*:*:*:*:*",
      "cpe:2.3:o:fortinet:fortipam:1.4.1:*:*:*:*:*:*:*",
      "cpe:2.3:o:fortinet:fortipam:1.4.0:*:*:*:*:*:*:*",
      "cpe:2.3:o:fortinet:fortipam:1.3.1:*:*:*:*:*:*:*",
      "cpe:2.3:o:fortinet:fortipam:1.3.0:*:*:*:*:*:*:*",
      "cpe:2.3:o:fortinet:fortipam:1.2.0:*:*:*:*:*:*:*",
      "cpe:2.3:o:fortinet:fortipam:1.1.2:*:*:*:*:*:*:*",
      "cpe:2.3:o:fortinet:fortipam:1.1.1:*:*:*:*:*:*:*",
      "cpe:2.3:o:fortinet:fortipam:1.1.0:*:*:*:*:*:*:*",
      "cpe:2.3:o:fortinet:fortipam:1.0.3:*:*:*:*:*:*:*",
      "cpe:2.3:o:fortinet:fortipam:1.0.2:*:*:*:*:*:*:*",
      "cpe:2.3:o:fortinet:fortipam:1.0.1:*:*:*:*:*:*:*",
      "cpe:2.3:o:fortinet:fortipam:1.0.0:*:*:*:*:*:*:*"
    ],
    "defaultStatus": "unaffected",
    "versions": [
      {
        "version": "1.5.0",
        "status": "affected"
      },
      {
        "versionType": "semver",
        "version": "1.4.0",
        "lessThanOrEqual": "1.4.2",
        "status": "affected"
      },
      {
        "versionType": "semver",
        "version": "1.3.0",
        "lessThanOrEqual": "1.3.1",
        "status": "affected"
      },
      {
        "version": "1.2.0",
        "status": "affected"
      },
      {
        "versionType": "semver",
        "version": "1.1.0",
        "lessThanOrEqual": "1.1.2",
        "status": "affected"
      },
      {
        "versionType": "semver",
        "version": "1.0.0",
        "lessThanOrEqual": "1.0.3",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Fortinet",
    "product": "FortiSwitchManager",
    "cpes": [
      "cpe:2.3:a:fortinet:fortiswitchmanager:7.2.4:*:*:*:*:*:*:*",
      "cpe:2.3:a:fortinet:fortiswitchmanager:7.2.3:*:*:*:*:*:*:*",
      "cpe:2.3:a:fortinet:fortiswitchmanager:7.2.2:*:*:*:*:*:*:*",
      "cpe:2.3:a:fortinet:fortiswitchmanager:7.2.1:*:*:*:*:*:*:*",
      "cpe:2.3:a:fortinet:fortiswitchmanager:7.2.0:*:*:*:*:*:*:*"
    ],
    "defaultStatus": "unaffected",
    "versions": [
      {
        "versionType": "semver",
        "version": "7.2.0",
        "lessThanOrEqual": "7.2.4",
        "status": "affected"
      }
    ]
  }
]

Source	Link
fortiguard	www.fortiguard.fortinet.com/psirt/FG-IR-25-010

14 Jan 2026 10:16Current

7.2High risk

Vulners AI Score7.2

CVSS 3.18.1 - 9.8

EPSS0.00061

SSVC

CWE-1390