CVE-2025-49201
Unknown
Unknown - Not Provided
BaseFortify
Vulnerability report for CVE-2025-49201, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.
Publication date: 2025-10-14
Last updated on: 2025-10-15
Assigner: Fortinet, Inc.
Description
Description
A weak authentication in Fortinet FortiPAM 1.5.0, 1.4.0 through 1.4.2, 1.3.0 through 1.3.1, 1.2.0, 1.1.0 through 1.1.2, 1.0.0 through 1.0.3, FortiSwitchManager 7.2.0 through 7.2.4 allows attacker to execute unauthorized code or commands via specially crafted http requests
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| fortinet | fortiswitchmanager | From 7.2.0 (inc) to 7.2.7 (inc) |
| fortinet | fortipam | From 1.0.0 (inc) to 1.4.3 (exc) |
| fortinet | fortipam | 1.5.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-1390 | The product uses an authentication mechanism to restrict access to specific users or identities, but the mechanism does not sufficiently prove that the claimed identity is correct. |