Fortinet Released Security Update’s; Patched Multiple High & Medium Severity Vulnerabilities
Summary: Fortinet disclosed multiple critical security vulnerabilities impacting several of its core products, including FortiPAM, FortiSwitch Manager and FortiOS platforms and patched them.
The vulnerabilities encompass issues such as improper privilege escalation, heap-based buffer overflow, weak authentication, improper certificate validation, denial-of-service risk, and race condition flaws in authentication modules.
One of the high severity issue is a weak authentication mechanism vulnerability (CVE-2025-49201) in FortiPAM & FortiSwitch Manager, and a heap overflow flaw (CVE-2025-57740) in the SSL VPN RDP bookmark functionality.
| OEM | Fortinet |
| Severity | High |
| CVSS Score | 7.8 |
| CVEs | CVE-2025-49201, CVE-2025-58325, CVE-2025-57740, CVE-2025-57741 & others |
| POC Available | No |
| Actively Exploited | No |
| Exploited in Wild | No |
| Advisory Version | 1.0 |
Overview
These vulnerabilities pose significant risks to enterprise environments, potentially allowing attackers to bypass authentication controls or execute arbitrary code within targeted systems. Users & Administrators are urged to update to the patched version.
| Vulnerability Name | CVE ID | Product Affected | Severity | Fixed Version |
| Weak Authentication Mechanism | CVE-2025-49201 | FortiPAM, FortiSwitch Manager | High | FortiPAM 1.5.1, 1.4.3 or later / FortiSwitch Manager 7.2.5 or later |
| CLI Command Functionality Bypass | CVE-2025-58325 | FortiOS | High | FortiOS 7.6.1+, 7.4.6+, 7.2.11+, 7.0.16+ |
| Heap Overflow – Remote Code Execution (FortiProxy SSL VPN Bookmarks) | CVE-2025-57741 | FortiProxy | High | FortiProxy 7.2.5+, 7.0.5+ |
| Heap Overflow – Remote Code Execution (SSL VPN RDP Bookmark) | CVE-2025-57740 | FortiOS, FortiProxy, FortiPAM, FortiSwitch Manager. | Medium | FortiOS 7.4.4+ / 7.2.8+ / 7.0.15+, FortiProxy 7.4.4+ / 7.2.10+, FortiPAM 1.3.0+, FortiSwitch Manager 7.2.4+ |
Technical Summary
Multiple critical and medium-severity vulnerabilities have been identified across several Fortinet products, including FortiOS, FortiPAM, FortiProxy, FortiAnalyzer, and FortiSwitchManager.
Other vulnerabilities could allow attackers to escalate privileges, execute unauthorized code, or bypass authentication, threatening system integrity and confidentiality.
Additional flaws may enable unauthenticated users to disrupt services, intercept network traffic, or exploit race conditions to gain improper access within centralized management and authentication platforms. As the Fortinet released the security updates, quick deploy of the patches to ensure resilience against exploitation and to protect enterprise assets.
| CVE ID | Component Affected | Vulnerability Details | Impact |
| CVE-2025-49201 | FortiPAM, FortiSwitch Manager | This flaw enables remote attackers to bypass authentication by sending specially crafted HTTP requests, allowing unauthorized code or command execution within privileged access management and switch management interfaces. | Authentication Bypass / Remote Code Execution |
| CVE-2025-57740 | FortiOS, FortiProxy, FortiPAM, FortiSwitch Manager | This heap-based buffer overflow in the SSL VPN RDP bookmark feature can be triggered by authenticated users through crafted bookmark data, resulting in memory corruption and possible code execution in the VPN context. | Remote Code Execution / System Compromise |
| CVE-2025-58325 | FortiOS | A CLI command functionality bypass allows attackers to execute restricted administrative commands through improper input validation, potentially escalating privileges or modifying critical system parameters. | Privilege Escalation / Remote Code Execution |
| CVE-2025-57741 | FortiProxy | This heap overflow vulnerability in FortiProxy’s SSL VPN RDP bookmarks can result in memory corruption, giving attackers a pathway to execute arbitrary code remotely during VPN session initialization. | Remote Code Execution / Service Compromise |
Additionally, multiple vulnerabilities have been disclosed that enable remote authentication bypass and include other issues with significant impact potential.
| Vulnerability Name | CVE ID | Affected Component | Severity |
| FGFM protocol allows unauthenticated reset of the connection | CVE-2025-26008 | FortiOS, FortiProxy, FortiPAM, FortiSwitchManager. | Medium |
| Heap Overflow in fgfmsd | CVE-2025-50571 | FortiAnalyzer/Cloud, FortiManager/Cloud. | Medium |
| Heap buffer overflow in websocket | CVE-2025-22258 | FortiOS,FortiPAM, FortiProxy, FortiSRA | Medium |
| Improper autorization over static files | CVE-2025-54822 | FortiOS, FortiProxy | Medium |
| Insufficient Session Expiration in SSLVPN using SAML authentication | CVE-2025-25252 | FortiOS | Medium |
| Missing authentication check in OFTP service | CVE-2025-53845 | FortiAnalyzer | Medium |
| Race condion in FortiCloud SSO SAML authentication | CVE-2025-54973 | FortiAnalyzer | Medium |
| Stack-based buffer overflow on fortitoken import feature | CVE-2025-46718 | FortiOS, FortiProxy | Medium |
Recommendations
Update Fortinet products to the following fixed versions as soon as possible and check the updated version from the Fortinet website
- FortiPAM: Upgrade to version 1.5.1 or later, or 1.4.3 or latest version
- FortiSwitch Manager: Upgrade to version 7.2.5 or higher
- FortiOS: Upgrade to versions 7.6.6+, 7.4.9+, 7.2.11+,7.0.16+ depending on the release series
- FortiProxy: Upgrade to 7.6.3+, 7.4.9+ and latest version
- FortiAnalyzer: Upgrade to 7.6.3+, 7.4.7+, 7.2.11+, 7.0.14+ latest version
Patches are available and should be applied immediately. For environments where immediate patching is not immediately feasible, you can also follow the below recommendations :
- Enable multi-factor authentication (MFA) to reduce unauthorized access risk
- Restrict network access to management interfaces to trusted personnel only
- Monitor logs for unusual brute-force attempts or anomalous login activity
- Apply the principle of least privilege to limit access to VPN and management services
- Use firewalls with strict whitelisting to block external attack vectors to vulnerable services
Conclusion:
The recent Fortinet advisories underscore the critical importance of timely vulnerability management, particularly for products controlling privileged access and remote connectivity.
The flaws in authentication and memory management can jeopardize the security posture of enterprise environments.
Organizations should urgently apply patches, monitor for suspicious login and session activity, and implement proactive security measures to reduce exploitation risks. Proactive response and regular updates are essential to maintaining robust security against evolving threats targeting critical infrastructure.
References:
Hashtags
#Infosec #CyberSecurity #Fortinet #FortiPAM #SQL #RCE #SecurityAdvisory #Vulnerabilitymanagement # PatchManagement #CISO #CXO #Intrucept
Recent Comments