What is the severity of CVE-2024-48887?

CVE-2024-48887 has been classified as a high-severity vulnerability due to its potential to allow unauthorized password changes by remote attackers.

How do I fix CVE-2024-48887?

To mitigate CVE-2024-48887, you should upgrade your FortiSwitch to the latest version that is not affected by this vulnerability.

Which versions of FortiSwitch are affected by CVE-2024-48887?

FortiSwitch versions prior to 7.6.1 and those in the ranges 7.4.0 to 7.4.4, 7.2.0 to 7.2.8, 7.0.0 to 7.0.10, and 6.4.0 to 6.4.14 are affected by CVE-2024-48887.

Can CVE-2024-48887 be exploited remotely?

Yes, CVE-2024-48887 can be exploited remotely by an unauthenticated attacker who sends a specially crafted request.

What type of vulnerability is CVE-2024-48887 classified as?

CVE-2024-48887 is classified as an unverified password change vulnerability (CWE-620) affecting the FortiSwitch GUI.

Vulnerability/
CVE-2024-48887

Exploited

critical

9.8

CWE

620

8/4/2025

9/4/2025

CVE-2024-48887: Unverified password change via set_password endpoint

First published: Tue Apr 08 2025(Updated: )

A unverified password change vulnerability in Fortinet FortiSwitch GUI may allow a remote unauthenticated attacker to change admin passwords via a specially crafted request

Credit: psirt@fortinet.com

Affected Software	Affected Version	How to fix
Fortinet FortiSwitch	=.
Fortinet FortiSwitch	>=7.4.0<=7.4.4
Fortinet FortiSwitch	>=7.2.0<=7.2.8
Fortinet FortiSwitch	>=7.0.0<=7.0.10
Fortinet FortiSwitch	>=6.4.0<=6.4.14

Remedy

Please upgrade to FortiSwitch version 7.6.1 or above Please upgrade to FortiSwitch version 7.4.5 or above Please upgrade to FortiSwitch version 7.2.9 or above Please upgrade to FortiSwitch version 7.0.11 or above Please upgrade to FortiSwitch version 6.4.15 or above

Never miss a vulnerability like this again

Reference Links

Peer vulnerabilities

(Found alongside the following vulnerabilities)

Frequently Asked Questions

What is the severity of CVE-2024-48887?
CVE-2024-48887 has been classified as a high-severity vulnerability due to its potential to allow unauthorized password changes by remote attackers.
How do I fix CVE-2024-48887?
To mitigate CVE-2024-48887, you should upgrade your FortiSwitch to the latest version that is not affected by this vulnerability.
Which versions of FortiSwitch are affected by CVE-2024-48887?
FortiSwitch versions prior to 7.6.1 and those in the ranges 7.4.0 to 7.4.4, 7.2.0 to 7.2.8, 7.0.0 to 7.0.10, and 6.4.0 to 6.4.14 are affected by CVE-2024-48887.
Can CVE-2024-48887 be exploited remotely?
Yes, CVE-2024-48887 can be exploited remotely by an unauthenticated attacker who sends a specially crafted request.
What type of vulnerability is CVE-2024-48887 classified as?
CVE-2024-48887 is classified as an unverified password change vulnerability (CWE-620) affecting the FortiSwitch GUI.

collector/fortiguard-psirt-latest
source/FortiGuard
alias/CVE-2024-48887
agent/first-publish-date
agent/title
collector/fortiguard-psirt
agent/software-canonical-lookup
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/weakness
agent/remedy
agent/references
agent/type
agent/description
agent/author
agent/severity
agent/source
agent/event
collector/nvd-api
source/NVD
agent/last-modified-date
agent/trending
agent/tags
collector/bleeping-computer
source/BleepingComputer
alias/CVE-2024-54024
alias/CVE-2024-26013
alias/CVE-2024-50565
alias/CVE-2024-47575
alias/CVE-2024-55591
alias/CVE-2025-24472
agent/news-ai
exploited/true
vendor/fortinet
canonical/fortinet fortiswitch
version/fortinet fortiswitch/.
version/fortinet fortiswitch/7.4.0
version/fortinet fortiswitch/7.4.4
version/fortinet fortiswitch/7.2.0
version/fortinet fortiswitch/7.2.8
version/fortinet fortiswitch/7.0.0
version/fortinet fortiswitch/7.0.10
version/fortinet fortiswitch/6.4.0
version/fortinet fortiswitch/6.4.14