Fortinet FortiPAM and FortiSwitchManager Weak Authentication Vulnerability Allowing Unauthorized Code Execution

Vulnerability

A weak authentication vulnerability has been identified in Fortinet FortiPAM versions 1.5.0, 1.4.0 through 1.4.2, 1.3.0 through 1.3.1, 1.2.0, 1.1.0 through 1.1.2, and FortiSwitchManager versions 7.2.0 through 7.2.4. This vulnerability allows attackers to execute unauthorized code or commands by sending specially crafted HTTP requests. The issue arises from the WAD/GUI component, where the authentication process can be bypassed, potentially through brute-force attacks.

Impact

Exploitation of this vulnerability could lead to unauthorized code execution or command execution on the affected system.

Remediation

Users of Fortinet FortiPAM should upgrade to version 1.5.1 or above. Fortinet FortiSwitchManager users should upgrade to version 7.2.5 or above.
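As an added example, not code from the advisory or from Fortinet, the check below compares an installed build against the affected version ranges listed above and returns the fixed version named in the remediation section; the inventory list at the bottom is constructed sample input, and version strings are assumed to be plain dotted numbers (an optional leading "v" is tolerated).

```python
# Added example (not the advisory's or Fortinet's code): decide whether an
# installed FortiPAM / FortiSwitchManager build falls inside the affected
# ranges from this advisory and report the minimum fixed version.
from typing import Optional, Tuple

Version = Tuple[int, ...]

def parse_version(text: str) -> Version:
    """Turn '1.4.2' or 'v1.4' into a 3-part tuple; pads missing parts with 0."""
    text = text.strip().lstrip("vV")
    parts = text.split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a dotted numeric version: {text!r}")
    nums = tuple(int(p) for p in parts)
    return nums + (0,) * (3 - len(nums)) if len(nums) < 3 else nums

# Inclusive (low, high) ranges and fixed versions, copied from the advisory text.
AFFECTED = {
    "FortiPAM": {
        "ranges": [("1.5.0", "1.5.0"), ("1.4.0", "1.4.2"), ("1.3.0", "1.3.1"),
                   ("1.2.0", "1.2.0"), ("1.1.0", "1.1.2")],
        "fixed": "1.5.1",
    },
    "FortiSwitchManager": {
        "ranges": [("7.2.0", "7.2.4")],
        "fixed": "7.2.5",
    },
}

def is_affected(product: str, version: str) -> bool:
    """True if `version` of `product` lies inside any affected range."""
    entry = AFFECTED.get(product)
    if entry is None:
        raise KeyError(f"product not covered by this advisory: {product}")
    v = parse_version(version)
    return any(parse_version(lo) <= v <= parse_version(hi)
               for lo, hi in entry["ranges"])

def remediation(product: str, version: str) -> Optional[str]:
    """Minimum fixed version to upgrade to, or None when not affected."""
    return AFFECTED[product]["fixed"] if is_affected(product, version) else None

if __name__ == "__main__":
    # Constructed sample inventory, as it might be exported from an asset database.
    inventory = [("FortiPAM", "1.4.1"), ("FortiPAM", "1.5.1"),
                 ("FortiSwitchManager", "7.2.4"), ("FortiSwitchManager", "7.4.0")]
    for product, version in inventory:
        fix = remediation(product, version)
        print(f"{product} {version}: {'upgrade to ' + fix if fix else 'not affected'}")
```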

Added: Oct 14, 2025, 4:26 PM
Updated: Oct 14, 2025, 11:06 PM

Vulnerability Rating

Custom Algorithm
spread: 4.5
impact: 7.5
exploitability: 7.0
remediation: 7.7
relevance: 0.7
threat: 0.0
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.