CVE-2025-57740 is a heap-based buffer overflow vulnerability (CWE-122) identified in Fortinet FortiPAM versions 1.0.0 through 1.5.0, FortiOS versions 6.4 through 7.6.2 (various subversions), and FortiProxy versions 7.0 through 7.6.2. The flaw resides in the handling of RDP bookmark connections, where an authenticated user with low privileges can send specially crafted requests that trigger a heap overflow, leading to unauthorized code execution. This vulnerability affects the core privilege access management and network security products of Fortinet, which are widely used in enterprise environments to manage privileged accounts and secure remote access. The attack vector requires network access and valid credentials but does not require user interaction beyond authentication. The CVSS v3.1 base score is 6.7, reflecting a medium severity due to the need for authentication and high attack complexity. The vulnerability can compromise confidentiality, integrity, and availability by allowing attackers to execute arbitrary code, potentially leading to full system compromise or lateral movement within networks. No public exploits or active exploitation campaigns have been reported as of the publication date. Fortinet has not yet published patches or mitigation instructions, but the vendor is expected to release updates promptly given the critical nature of the affected products.

For European organizations, this vulnerability poses a significant risk especially to those relying on Fortinet FortiPAM and FortiOS for privileged access management and network security. Successful exploitation could lead to unauthorized access to sensitive credentials, enabling attackers to escalate privileges, move laterally, and potentially disrupt critical infrastructure or steal sensitive data. The impact on confidentiality is high due to potential exposure of privileged credentials. Integrity and availability are also at risk as attackers could execute arbitrary commands, modify configurations, or cause service disruptions. Sectors such as finance, energy, telecommunications, and government agencies that depend heavily on Fortinet products for secure remote access and PAM are particularly vulnerable. The requirement for authentication limits the attack surface but insider threats or compromised credentials could facilitate exploitation. The medium severity rating suggests a moderate but non-negligible risk, warranting timely remediation to prevent potential breaches.

1. Immediately restrict access to FortiPAM, FortiOS, and FortiProxy management interfaces to trusted networks and IP addresses only, using network segmentation and firewall rules. 2. Enforce strong authentication mechanisms and monitor for unusual login patterns or failed authentication attempts to detect potential credential compromise. 3. Implement strict role-based access controls (RBAC) to limit user privileges, minimizing the number of users with access to vulnerable features such as RDP bookmark connections. 4. Enable detailed logging and continuous monitoring of privileged access management activities to identify suspicious behavior early. 5. Apply vendor patches and updates as soon as they become available; coordinate with Fortinet support channels to obtain early access or workarounds if possible. 6. Conduct internal audits of privileged accounts and credentials stored or managed via FortiPAM to reduce risk exposure. 7. Consider deploying virtual patching or intrusion prevention system (IPS) signatures that detect and block exploitation attempts targeting this vulnerability. 8. Educate administrators and security teams about the vulnerability specifics and ensure incident response plans include scenarios involving Fortinet PAM compromise.