Print - 【Vulnerability Alert】A high-risk security vulnerability (CVE-2025-49201) has been identified in Fortinet FortiPAM and FortiSwitchManager. Please verify and apply the necessary patches as soon as possible.

【Vulnerability Alert】A high-risk security vulnerability (CVE-2025-49201) has been identified in Fortinet FortiPAM and FortiSwitchManager. Please verify and apply the necessary patches as soon as possible.

publish date : 2025-10-23 update date : 2025-10-23

Source: Ministry of education information & communication security contingency platform

"" "" ""


Publication Number	TACERT-ANA-2025102201103333	Publication Time	2025/10/22 13:11
Incident Type	ANA-Vulnerability Alert	Discovery Time	2025/10/22 13:11
Impact Level	Medium
[Subject] 【Vulnerability Alert】A high-risk security vulnerability (CVE-2025-49201) has been identified in Fortinet FortiPAM and FortiSwitchManager. Please verify and apply the necessary patches as soon as possible.
[Content] Forwarded from the National Institute of Cyber Security NISAC-200-202510-00000158 Researchers have discovered a Weak Authentication vulnerability (CVE-2025-49201) in the GUI of Fortinet FortiPAM and FortiSwitchManager. An unauthenticated remote attacker could exploit this vulnerability by performing a brute-force attack to bypass the authentication process and gain system access, allowing the execution of unauthorized commands. Please verify and apply the necessary security patches as soon as possible. Information Sharing Level: WHITE (Information content can be publicly disclosed)
[Affected Platform] This vulnerability affects the following versions: ● FortiPAM version 1.5.0 ● FortiPAM versions 1.4.0 to 1.4.2 ● All FortiPAM version 1.3 releases ● All FortiPAM version 1.2 releases ● All FortiPAM version 1.1 releases ● All FortiPAM version 1.0 releases ● FortiSwitchManager versions 7.2.0 to 7.2.4
[Recommended Actions] The vendor has released official patches for this vulnerability. Please refer to the official advisory for update instructions at the following URL: https://fortiguard.fortinet.com/psirt/FG-IR-25-010
[Reference] 1. https://nvd.nist.gov/vuln/detail/CVE-2025-49201 2. https://fortiguard.fortinet.com/psirt/FG-IR-25-010

(This notification is for informational purposes only and does not constitute a cybersecurity incident).
If you have questions or suggestions regarding this notification, please feel free to contact us.
Ministry of education information & communication security contingency platform
Website: https://info.cert.tanet.edu.tw/
Phone: +886-7-5250211
Internet Phone: 98400000
E-Mail: service@cert.tanet.edu.tw

Organizer: Computer Center