Fortinet has disclosed a high-severity security vulnerability affecting FortiPAM and FortiSwitchManager products that could allow attackers to bypass authentication through brute-force attacks.
The vulnerability, tracked as CVE-2025-49201, was discovered internally by Gwendal Guégniaud of the Fortinet Product Security team and disclosed on October 14, 2025.
Weak Authentication Vulnerability Enables Brute-Force Attacks
The security flaw stems from a weak-authentication issue, classified under CWE-1390, in the WAD/GUI components of FortiPAM and FortiSwitchManager.
It allows threat actors to bypass the authentication process by launching brute-force attacks against affected systems.
With a CVSS v3.1 score of 7.4, the vulnerability is rated high severity, indicating significant risk to organizations running vulnerable versions.
The attack vector is network-based and requires no user interaction or prior privileges, which makes it particularly dangerous for internet-facing deployments.
Although the attack complexity is rated high, successful exploitation could grant attackers unauthorized access to execute code or commands on compromised systems.
That level of access could lead to full system compromise, data theft, or further lateral movement within enterprise networks.
The vulnerability affects numerous FortiPAM releases, including versions 1.0 through 1.5.0, and the required remediation differs by branch.
FortiPAM versions 1.0, 1.1, 1.2, and 1.3 require full migration to a fixed release, as no patches are available for these legacy versions.
Organizations running FortiPAM 1.4.0 through 1.4.2 should immediately upgrade to version 1.4.3 or higher, while those using FortiPAM 1.5.0 need to upgrade to version 1.5.1 or above.
FortiSwitchManager is also affected, specifically versions 7.2.0 through 7.2.4. Fortinet has released version 7.2.5 as the patched release for these versions.
Notably, FortiPAM versions 1.6 and 1.7, along with FortiSwitchManager 7.0, are not affected by this vulnerability and require no action.
Security teams managing Fortinet infrastructure should prioritize patching based on their deployment configurations.
Organizations with internet-facing FortiPAM or FortiSwitchManager installations face heightened risk and should expedite remediation.
Administrators should verify their current software versions, review access logs for suspicious authentication attempts, and implement additional security controls such as IP whitelisting or multi-factor authentication where possible.
CVE ID | CVSS Score | Attack Vector | Attack Complexity |
CVE-2025-49201 | 7.4 (High) | Network | High |

Product | Affected Versions | Solution |
FortiPAM 1.5 | 1.5.0 | Upgrade to 1.5.1 or above |
FortiPAM 1.4 | 1.4.0 through 1.4.2 | Upgrade to 1.4.3 or above |
FortiPAM 1.3 | All versions | Migrate to a fixed release |
FortiPAM 1.2 | All versions | Migrate to a fixed release |
FortiPAM 1.1 | All versions | Migrate to a fixed release |
FortiPAM 1.0 | All versions | Migrate to a fixed release |
FortiSwitchManager 7.2 | 7.2.0 through 7.2.4 | Upgrade to 7.2.5 or above |
For systems running unsupported versions that require migration rather than a simple upgrade, organizations should develop transition plans to move to supported releases promptly.
Regular monitoring of authentication logs for unusual brute-force patterns can help detect exploitation attempts while patches are being deployed.
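The log-review advice above (checking access logs for suspicious authentication attempts, and watching for brute-force patterns while patches roll out) can be turned into a small detector. The following is an added example, not code from Fortinet or from this article: it scans key=value authentication log lines for a burst of failed logins from one source inside a sliding time window, and raises a higher-severity alert if a successful login from that same source follows the burst, which is the sequence a brute-force authentication bypass would leave behind. The log format and field names (date, time, action, status, user, srcip) are constructed assumptions loosely modelled on Fortinet's key=value syslog style, not the documented FortiPAM or FortiSwitchManager schema, and the sample lines are constructed, not real device output.

```python
"""Brute-force detection over authentication log lines.

Added example, not code from Fortinet or from the article. The log format is a
constructed key=value style (loosely modelled on Fortinet syslog conventions);
the field names (date, time, action, status, user, srcip) are assumptions, not
FortiPAM's or FortiSwitchManager's documented schema.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample: a five-attempt burst followed by a success from one source,
# and a single failure followed by a normal login from another.
BURST_LOG = """\
date=2025-10-15 time=09:00:01 action=login status=failed user=admin srcip=203.0.113.7
date=2025-10-15 time=09:00:02 action=login status=failed user=admin srcip=203.0.113.7
date=2025-10-15 time=09:00:02 action=login status=failed user=admin srcip=203.0.113.7
date=2025-10-15 time=09:00:03 action=login status=failed user=admin srcip=203.0.113.7
date=2025-10-15 time=09:00:04 action=login status=failed user=admin srcip=203.0.113.7
date=2025-10-15 time=09:00:05 action=login status=success user=admin srcip=203.0.113.7
date=2025-10-15 time=09:10:00 action=login status=failed user=jdoe srcip=198.51.100.9
date=2025-10-15 time=09:30:00 action=login status=success user=jdoe srcip=198.51.100.9
"""

# Constructed sample: the same five failures, but spread two minutes apart.
SLOW_LOG = "\n".join(
    f"date=2025-10-15 time=10:{2 * i:02d}:00 action=login status=failed user=admin srcip=192.0.2.5"
    for i in range(5)
)

KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_line(line):
    """Split one key=value line into (timestamp, fields)."""
    fields = {k: v.strip('"') for k, v in KV_RE.findall(line)}
    ts = datetime.strptime(f"{fields['date']} {fields['time']}", "%Y-%m-%d %H:%M:%S")
    return ts, fields


def detect_bruteforce(log_text, threshold=5, window_seconds=60):
    """Return a list of alerts found in log_text.

    A 'medium' alert fires once a source IP reaches `threshold` failed logins
    inside a sliding window of `window_seconds`; a 'high' alert fires if a
    successful login from that source follows the burst.
    """
    window = timedelta(seconds=window_seconds)
    failures = defaultdict(deque)  # srcip -> timestamps of recent failures
    bursting = set()               # srcips currently over the threshold
    alerts = []
    for raw in log_text.splitlines():
        if not raw.strip():
            continue
        ts, f = parse_line(raw)
        if f.get("action") != "login":
            continue
        ip = f.get("srcip", "unknown")
        if f.get("status") == "failed":
            recent = failures[ip]
            recent.append(ts)
            while recent and ts - recent[0] > window:  # drop failures outside the window
                recent.popleft()
            if len(recent) >= threshold and ip not in bursting:
                bursting.add(ip)
                alerts.append({"severity": "medium", "srcip": ip, "at": ts,
                               "reason": f"{len(recent)} failed logins within {window_seconds}s"})
        elif f.get("status") == "success":
            if ip in bursting:
                alerts.append({"severity": "high", "srcip": ip, "at": ts,
                               "user": f.get("user"),
                               "reason": "successful login after failed-login burst"})
            failures[ip].clear()  # a success ends the current burst for this source
            bursting.discard(ip)
    return alerts


if __name__ == "__main__":
    for a in detect_bruteforce(BURST_LOG):
        print(a["severity"], a["srcip"], a["at"].isoformat(), a["reason"])
```

The threshold and window are deliberately parameters: the five-failures-in-a-minute default catches a noisy burst, while the same five failures spread over several minutes (SLOW_LOG) only trip the detector when the window is widened, so tuning against the device's normal failed-login baseline is part of deploying it. Alert on the 'high' pattern first; a burst that ends in a success is the one worth treating as a possible authentication bypass rather than background scanning.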