【資安漏洞預警】Fortinet FortiPAM與FortiSwitchManager存在高風險安全漏洞(CVE-2025-49201)，請儘速確認並進行修補

【行政公告】

公告單位	圖資處數位服務組
訊息類別	行政公告行政公告	公告對象	全體
公告主題	【資安漏洞預警】Fortinet FortiPAM與FortiSwitchManager存在高風險安全漏洞(CVE-2025-49201)，請儘速確認並進行修補 [Security Vulnerability Alert] Fortinet FortiPAM and FortiSwitchManager have a high-risk security vulnerability (CVE-2025-49201). Please confirm and patch it as soon as possible.
公告內容	轉發國家資安資訊分享與分析中心 NISAC-200-202510-00000158 [內容說明] 研究人員發現Fortinet FortiPAM與FortiSwitchManager之GUI存在驗證機制不足(Weak Authentication)漏洞(CVE-2025-49201)。未經身分鑑別之遠端攻擊者可透過暴力破解繞過驗證流程並登入系統，進而執行未經授權之指令，請儘速確認並進行修補。 [影響平台] ● FortiPAM 1.5.0版本 ● FortiPAM 1.4.0至1.4.2版本 ● FortiPAM 1.3所有版本 ● FortiPAM 1.2所有版本　 ● FortiPAM 1.1所有版本 ● FortiPAM 1.0所有版本 ● FortiSwitchManager 7.2.0至7.2.4版本 [建議措施] 官方已針對漏洞釋出修復更新，請參考官方說明進行更新，網址如下： https://fortiguard.fortinet.com/psirt/FG-IR-25-010 [參考資料] 1. https://nvd.nist.gov/vuln/detail/CVE-2025-49201 2. https://fortiguard.fortinet.com/psirt/FG-IR-25-010 Forwarded from the National Information Security Information Sharing and Analysis Center (NISAC-200-202510-00000158) [Description] Researchers have discovered a weak authentication vulnerability (CVE-2025-49201) in the Fortinet FortiPAM and FortiSwitchManager GUIs. Unauthenticated remote attackers can bypass the authentication process and log into the system through brute force, potentially executing unauthorized commands. Please verify and patch this vulnerability as soon as possible. [Affected Platforms] ● FortiPAM version 1.5.0 ● FortiPAM versions 1.4.0 to 1.4.2 ● FortiPAM 1.3 (all versions) ● FortiPAM 1.2 (all versions) ● FortiPAM 1.1 (all versions) ● FortiPAM 1.0 (all versions) ● FortiSwitchManager versions 7.2.0 to 7.2.4 [Recommended Action] An official update has been released to address this vulnerability. Please refer to the official instructions for updating: https://fortiguard.fortinet.com/psirt/FG-IR-25-010 [References] 1. https://nvd.nist.gov/vuln/detail/CVE-2025-49201 2. https://fortiguard.fortinet.com/psirt/FG-IR-25-010
相關訊息
公告時間	2025/10/23 至 2026/4/23	點閱次數	180