CVE-2025-49201
HIGHDescription
A weak authentication vulnerability in Fortinet FortiPAM 1.5.0, FortiPAM 1.4.0 through 1.4.2, FortiPAM 1.3 all versions, FortiPAM 1.2 all versions, FortiPAM 1.1 all versions, FortiPAM 1.0 all versions, FortiSwitchManager 7.2.0 through 7.2.4 allows attacker to execute unauthorized code or commands via specially crafted http requests
Is your site exposed to CVE-2025-49201?
Run a free security scan — no signup, results in seconds.
CVSS v3.1 Score
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| fortinet | fortipam |
| fortinet | fortipam |
| fortinet | fortiswitchmanager |
References
Advisories & Patches
Frequently Asked Questions
What is CVE-2025-49201? +
How severe is CVE-2025-49201? +
What products are affected by CVE-2025-49201? +
How do I check if I'm vulnerable to CVE-2025-49201? +
Related Vulnerabilities
An improper validation of credentials vulnerability in the CommvaultSecurityIQ integration for Cortex XSOAR and Cortex XSIAM allows an unauthenticated attacker …
A security issue exists within DataMosaix™ Private Cloud, allowing attackers to bypass MFA during setup and obtain a valid login-token …
This vulnerability exists in the CAP back office application due to improper authentication check at the API endpoint. An unauthenticated …
Borg SPM 2007 (Sales Ended in 2008) developed by BorG Technology Corporation has a Authentication Bypass vulnerability, allowing unauthenticated remote …
Weak Authentication vulnerability in Drupal Two-factor Authentication (TFA) allows Authentication Abuse.This issue affects Two-factor Authentication (TFA): from 0.0.0 before 1.5.0.
Improper Authentication, Missing authentication for critical function, Weak Authentication vulnerability in DTS Electronics Industry and Trade Ltd. Co. Redline WR3200 …