Summary: Fortinet disclosed multiple critical security vulnerabilities impacting several of its core products, including FortiPAM, FortiSwitch Manager and FortiOS platforms and patched them.

The vulnerabilities encompass issues such as improper privilege escalation, heap-based buffer overflow, weak authentication, improper certificate validation, denial-of-service risk, and race condition flaws in authentication modules.

One of the high severity issue is a weak authentication mechanism vulnerability (CVE-2025-49201) in FortiPAM & FortiSwitch Manager, and a heap overflow flaw (CVE-2025-57740) in the SSL VPN RDP bookmark functionality.

OEM	Fortinet
Severity	High
CVSS Score	7.8
CVEs	CVE-2025-49201, CVE-2025-58325, CVE-2025-57740, CVE-2025-57741 & others
POC Available	No
Actively Exploited	No
Exploited in Wild	No
Advisory Version	1.0

Overview 

These vulnerabilities pose significant risks to enterprise environments, potentially allowing attackers to bypass authentication controls or execute arbitrary code within targeted systems. Users & Administrators are urged to update to the patched version. 

Vulnerability Name	CVE ID	Product Affected	Severity	Fixed Version
Weak Authentication Mechanism	CVE-2025-49201	FortiPAM, FortiSwitch Manager	High	FortiPAM 1.5.1, 1.4.3 or later / FortiSwitch Manager 7.2.5 or later
CLI Command Functionality Bypass	CVE-2025-58325	FortiOS	High	FortiOS 7.6.1+, 7.4.6+, 7.2.11+, 7.0.16+
Heap Overflow – Remote Code Execution (FortiProxy SSL VPN Bookmarks)	CVE-2025-57741	FortiProxy	High	FortiProxy 7.2.5+, 7.0.5+
Heap Overflow – Remote Code Execution (SSL VPN RDP Bookmark)	CVE-2025-57740	FortiOS, FortiProxy, FortiPAM, FortiSwitch Manager.	Medium	FortiOS 7.4.4+ / 7.2.8+ / 7.0.15+, FortiProxy 7.4.4+ / 7.2.10+, FortiPAM 1.3.0+, FortiSwitch Manager 7.2.4+

Technical Summary 

Multiple critical and medium-severity vulnerabilities have been identified across several Fortinet products, including FortiOS, FortiPAM, FortiProxy, FortiAnalyzer, and FortiSwitchManager.

Other vulnerabilities could allow attackers to escalate privileges, execute unauthorized code, or bypass authentication, threatening system integrity and confidentiality.

Additional flaws may enable unauthenticated users to disrupt services, intercept network traffic, or exploit race conditions to gain improper access within centralized management and authentication platforms. As the Fortinet released the security updates, quick deploy of the patches to ensure resilience against exploitation and to protect enterprise assets. 

CVE ID	Component Affected	Vulnerability Details	Impact
CVE-2025-49201	FortiPAM, FortiSwitch Manager	This flaw enables remote attackers to bypass authentication by sending specially crafted HTTP requests, allowing unauthorized code or command execution within privileged access management and switch management interfaces.	Authentication Bypass / Remote Code Execution
CVE-2025-57740	FortiOS, FortiProxy, FortiPAM, FortiSwitch Manager	This heap-based buffer overflow in the SSL VPN RDP bookmark feature can be triggered by authenticated users through crafted bookmark data, resulting in memory corruption and possible code execution in the VPN context.	Remote Code Execution / System Compromise
CVE-2025-58325	FortiOS	A CLI command functionality bypass allows attackers to execute restricted administrative commands through improper input validation, potentially escalating privileges or modifying critical system parameters.	Privilege Escalation / Remote Code Execution
CVE-2025-57741	FortiProxy	This heap overflow vulnerability in FortiProxy’s SSL VPN RDP bookmarks can result in memory corruption, giving attackers a pathway to execute arbitrary code remotely during VPN session initialization.	Remote Code Execution / Service Compromise

Additionally, multiple vulnerabilities have been disclosed that enable remote authentication bypass and include other issues with significant impact potential. 

Vulnerability Name	CVE ID	Affected Component	Severity
FGFM protocol allows unauthenticated reset of the connection	CVE-2025-26008	FortiOS, FortiProxy, FortiPAM, FortiSwitchManager.	Medium
Heap Overflow in fgfmsd	CVE-2025-50571	FortiAnalyzer/Cloud, FortiManager/Cloud.	Medium
Heap buffer overflow in websocket	CVE-2025-22258	FortiOS,FortiPAM, FortiProxy, FortiSRA	Medium
Improper autorization over static files	CVE-2025-54822	FortiOS, FortiProxy	Medium
Insufficient Session Expiration in SSLVPN using SAML authentication	CVE-2025-25252	FortiOS	Medium
Missing authentication check in OFTP service	CVE-2025-53845	FortiAnalyzer	Medium
Race condion in FortiCloud SSO SAML authentication	CVE-2025-54973	FortiAnalyzer	Medium
Stack-based buffer overflow on fortitoken import feature	CVE-2025-46718	FortiOS, FortiProxy	Medium

Recommendations 

Update Fortinet products to the following fixed versions as soon as possible and check the updated version from the Fortinet website 

• FortiPAM: Upgrade to version 1.5.1 or later, or 1.4.3 or latest version 

• FortiSwitch Manager: Upgrade to version 7.2.5 or higher 

• FortiOS: Upgrade to versions 7.6.6+, 7.4.9+, 7.2.11+,7.0.16+ depending on the release series 

• FortiProxy: Upgrade to 7.6.3+, 7.4.9+ and latest version 

• FortiAnalyzer: Upgrade to 7.6.3+, 7.4.7+, 7.2.11+, 7.0.14+ latest version 

Patches are available and should be applied immediately. For environments where immediate patching is not immediately feasible, you can also follow the below recommendations : 

• Enable multi-factor authentication (MFA) to reduce unauthorized access risk 

• Restrict network access to management interfaces to trusted personnel only 

• Monitor logs for unusual brute-force attempts or anomalous login activity 

• Apply the principle of least privilege to limit access to VPN and management services 

• Use firewalls with strict whitelisting to block external attack vectors to vulnerable services 

Conclusion: 
The recent Fortinet advisories underscore the critical importance of timely vulnerability management, particularly for products controlling privileged access and remote connectivity.

The flaws in authentication and memory management can jeopardize the security posture of enterprise environments.

Organizations should urgently apply patches, monitor for suspicious login and session activity, and implement proactive security measures to reduce exploitation risks. Proactive response and regular updates are essential to maintaining robust security against evolving threats targeting critical infrastructure. 

References: 

• https://fortiguard.fortinet.com/psirt 

• https://cybersecuritynews.com/fortipam-and-fortiswitch-manager-vulnerability/ 

Hashtags 

#Infosec #CyberSecurity #Fortinet #FortiPAM #SQL #RCE #SecurityAdvisory #Vulnerabilitymanagement # PatchManagement #CISO #CXO #Intrucept