FortiPAM & FortiSwitch Manager Flaw Allows Attackers to Bypass Authentication

Fortinet has disclosed a critical security vulnerability affecting FortiPAM and FortiSwitchManager products that could enable attackers to bypass authentication mechanisms through brute-force attacks.

The vulnerability, tracked as CVE-2025-49201, was internally discovered by Gwendal Guégniaud of the Fortinet Product Security team and published on October 14, 2025.

Weak Authentication Vulnerability Enables Brute-Force Attacks

The security flaw stems from a weak authentication issue classified under CWE-1390 in the FortiPAM and FortiSwitch Manager WAD/GUI components. This vulnerability allows threat actors to circumvent the authentication process by launching brute-force attacks against the affected systems.

With a CVSS v3.1 score of 7.4, the vulnerability is rated as high severity, indicating significant risk to organizations using vulnerable versions.

The attack vector is network-based, requiring no user interaction or prior privileges, making it particularly dangerous for internet-facing deployments.

While the attack complexity is rated as high, successful exploitation could grant attackers unauthorized access to execute code or commands on compromised systems.

This level of access could potentially lead to complete system compromise, data theft, or further lateral movement within enterprise networks.

The vulnerability impacts numerous versions of FortiPAM, including versions 1.0 through 1.5.0, with the required remediation depending on the release branch.

FortiPAM versions 1.0, 1.1, 1.2, and 1.3 require complete migration to fixed releases, as no patches are available for these legacy versions.

Organizations running FortiPAM 1.4.0 through 1.4.2 should immediately upgrade to version 1.4.3 or higher, while those using FortiPAM 1.5.0 need to upgrade to version 1.5.1 or above.

FortiSwitchManager is also affected, specifically versions 7.2.0 through 7.2.4. Fortinet has released version 7.2.5 as the patched release for these affected versions.

Notably, FortiPAM versions 1.6 and 1.7, along with FortiSwitchManager 7.0, are not affected by this vulnerability and require no action.

Security teams managing Fortinet infrastructure should prioritize patching efforts based on their deployment configurations.

Organizations with internet-facing FortiPAM or FortiSwitchManager installations face heightened risk and should expedite remediation.

Administrators should verify their current software versions, review access logs for suspicious authentication attempts, and implement additional security controls such as IP whitelisting or multi-factor authentication where possible.

CVE ID         | CVSS Score | Attack Vector | Attack Complexity
CVE-2025-49201 | 7.4 (High) | Network       | High

Product                | Affected Versions   | Solution
FortiPAM 1.5           | 1.5.0               | Upgrade to 1.5.1 or above
FortiPAM 1.4           | 1.4.0 through 1.4.2 | Upgrade to 1.4.3 or above
FortiPAM 1.3           | All versions        | Migrate to fixed release
FortiPAM 1.2           | All versions        | Migrate to fixed release
FortiPAM 1.1           | All versions        | Migrate to fixed release
FortiPAM 1.0           | All versions        | Migrate to fixed release
FortiSwitchManager 7.2 | 7.2.0 through 7.2.4 | Upgrade to 7.2.5 or above
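The version ranges above are easy to misread during an inventory sweep (1.4.3 is fixed, 1.4.2 is not; 1.6 and 1.7 were never affected). The following script is an added example, not Fortinet's code or tooling: it encodes only the ranges stated in this article for CVE-2025-49201, classifies each inventoried host as affected, fixed, not affected, or not covered, and orders the affected hosts with internet-facing ones first, as the article recommends. The inventory entries and host names are constructed for illustration; the field names (`host`, `product`, `version`, `internet_facing`) are assumptions.

```python
"""Classify FortiPAM / FortiSwitchManager versions against CVE-2025-49201.

Added example (not vendor code). Ranges are transcribed from the advisory
summary above; anything outside them is reported as "unknown" rather than
silently treated as safe.
"""

# Affected ranges: (lowest affected, highest affected, required action).
# A shorter "hi" tuple means "every release in that branch" (e.g. all 1.3.x).
AFFECTED = {
    "FortiPAM": [
        ((1, 0), (1, 3), "Migrate to a fixed release"),   # 1.0 through 1.3, no patch
        ((1, 4, 0), (1, 4, 2), "Upgrade to 1.4.3 or above"),
        ((1, 5, 0), (1, 5, 0), "Upgrade to 1.5.1 or above"),
    ],
    "FortiSwitchManager": [
        ((7, 2, 0), (7, 2, 4), "Upgrade to 7.2.5 or above"),
    ],
}

# Fixed releases: (first fixed version, branch it belongs to).
FIXED = {
    "FortiPAM": [((1, 4, 3), (1, 4)), ((1, 5, 1), (1, 5))],
    "FortiSwitchManager": [((7, 2, 5), (7, 2))],
}

# Branches the advisory explicitly lists as not affected.
NOT_AFFECTED = {
    "FortiPAM": [(1, 6), (1, 7)],
    "FortiSwitchManager": [(7, 0)],
}


def parse_version(text):
    """'1.4.2' -> (1, 4, 2); tuples compare lexicographically."""
    return tuple(int(part) for part in text.strip().split("."))


def assess(product, version):
    """Return (status, action) for one product/version pair."""
    v = parse_version(version)
    for lo, hi, action in AFFECTED.get(product, []):
        # v >= lo and v within the (possibly branch-wide) upper bound
        if lo <= v and v[: len(hi)] <= hi:
            return ("affected", action)
    for first_fixed, branch in FIXED.get(product, []):
        if v[: len(branch)] == branch and v >= first_fixed:
            return ("fixed", "No action required")
    for branch in NOT_AFFECTED.get(product, []):
        if v[: len(branch)] == branch:
            return ("not affected", "No action required")
    return ("unknown", "Not covered by the advisory summary; confirm with the vendor")


def remediation_plan(inventory):
    """Affected hosts only, internet-facing first, then by host name."""
    rows = []
    for entry in inventory:
        status, action = assess(entry["product"], entry["version"])
        if status == "affected":
            priority = 0 if entry["internet_facing"] else 1
            rows.append((priority, entry["host"], action))
    rows.sort()
    return [(host, action) for _, host, action in rows]


# Constructed sample inventory (host names and versions are illustrative).
INVENTORY = [
    {"host": "pam-dmz-01", "product": "FortiPAM", "version": "1.4.2", "internet_facing": True},
    {"host": "pam-lab-02", "product": "FortiPAM", "version": "1.2.0", "internet_facing": False},
    {"host": "pam-core-03", "product": "FortiPAM", "version": "1.6.0", "internet_facing": False},
    {"host": "fsm-01", "product": "FortiSwitchManager", "version": "7.2.3", "internet_facing": False},
]

if __name__ == "__main__":
    for entry in INVENTORY:
        print(entry["host"], entry["version"], *assess(entry["product"], entry["version"]))
    print("Remediation order:", remediation_plan(INVENTORY))
```

The "unknown" status is deliberate: a version the advisory does not mention (for example a FortiSwitchManager 7.4.x build) should be confirmed against the vendor's current PSIRT entry rather than assumed safe by a script that only knows this article's table.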

For systems running unsupported versions that require migration rather than simple upgrades, organizations should develop transition plans to move to supported releases promptly.

Regular monitoring of authentication logs for unusual brute-force patterns can help detect potential exploitation attempts while patches are being deployed.
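As an added example of the monitoring suggested above (not Fortinet code, and not tied to any real FortiPAM or FortiSwitchManager log format), the script below scans administrative login events for two signals: a burst of failed logins from one source within a short window, and a successful login from a source that had several recent failures, which is the more telling pattern for a brute-force authentication bypass. The log line format, the sample lines, the IP addresses and the thresholds are all constructed assumptions; adapt `LOG_RE` to the device's actual syslog output before use.

```python
"""Flag brute-force bursts and failure-then-success logins in auth logs.

Added detection example. The line format below is invented for the demo:
    <ISO-8601 timestamp> src=<ip> user=<name> result=<success|failure>
"""
from __future__ import annotations

import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

LOG_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>[\d.]+) user=(?P<user>\S+) result=(?P<result>success|failure)$"
)

# Constructed sample log: one source hammers "admin" and then succeeds,
# one source has a single typo-style failure, one source fails slowly
# (every two minutes), and one line is unparseable noise.
SAMPLE_LOG = """\
2025-10-14T08:00:01 src=203.0.113.7 user=admin result=failure
2025-10-14T08:00:03 src=203.0.113.7 user=admin result=failure
2025-10-14T08:00:05 src=198.51.100.4 user=ops result=failure
2025-10-14T08:00:06 src=203.0.113.7 user=admin result=failure
2025-10-14T08:00:09 src=203.0.113.7 user=admin result=failure
2025-10-14T08:00:12 src=203.0.113.7 user=admin result=failure
2025-10-14T08:00:15 src=198.51.100.4 user=ops result=success
2025-10-14T08:00:20 src=203.0.113.7 user=admin result=failure
2025-10-14T08:00:25 src=203.0.113.7 user=admin result=success
2025-10-14T08:05:00 src=192.0.2.9 user=admin result=failure
2025-10-14T08:07:00 src=192.0.2.9 user=admin result=failure
2025-10-14T08:09:00 src=192.0.2.9 user=admin result=failure
2025-10-14T08:11:00 src=192.0.2.9 user=admin result=failure
2025-10-14T08:13:00 src=192.0.2.9 user=admin result=failure
this line is not an auth event
"""


def parse(line):
    """Return (timestamp, src, user, result) or None for lines that do not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return datetime.fromisoformat(m["ts"]), m["src"], m["user"], m["result"]


def analyse(lines, window=timedelta(seconds=60), burst_threshold=5, success_after=3):
    """Sliding-window scan over log lines in chronological order.

    bursts:               (src, first_failure_ts, failures_in_window), once per source
    suspicious_successes: (src, user, ts, recent_failures) for a success that
                          follows >= success_after failures within the window
    """
    recent_failures = defaultdict(deque)  # src -> timestamps of failures in window
    bursts, suspicious, already_flagged = [], [], set()
    for line in lines:
        parsed = parse(line)
        if parsed is None:
            continue  # skip noise rather than abort the scan
        ts, src, user, result = parsed
        q = recent_failures[src]
        while q and ts - q[0] > window:  # drop failures older than the window
            q.popleft()
        if result == "failure":
            q.append(ts)
            if len(q) >= burst_threshold and src not in already_flagged:
                bursts.append((src, q[0], len(q)))
                already_flagged.add(src)
        elif len(q) >= success_after:
            suspicious.append((src, user, ts, len(q)))
    return {"bursts": bursts, "suspicious_successes": suspicious}


if __name__ == "__main__":
    report = analyse(SAMPLE_LOG.splitlines())
    for src, first, count in report["bursts"]:
        print(f"BURST   {src}: {count} failures since {first.isoformat()}")
    for src, user, ts, n in report["suspicious_successes"]:
        print(f"SUCCESS {src} as {user} at {ts.isoformat()} after {n} recent failures")
```

The slow source (one failure every two minutes) never trips the 60-second window, which is the usual blind spot of a fixed-window rule; if the device sits behind a rate limit, pair this check with a longer-window count per account as well as per source, and treat the failure-then-success case as the higher-priority alert because it indicates the guessing may have worked.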


About Cybernoz

Security researcher and threat analyst with expertise in malware analysis and incident response.