CVE-2025-57740 is a heap-based buffer overflow vulnerability (CWE-122) identified in Fortinet's FortiPAM, FortiOS, and FortiProxy products across multiple versions, including FortiPAM versions 1.0.0 through 1.5.0, FortiOS versions 6.4 through 7.6.2, and FortiProxy versions 7.0 through 7.6.2. The flaw arises in the handling of RDP bookmark connections, where crafted requests can overflow heap buffers, enabling an authenticated user with low privileges to execute arbitrary code or commands on the affected system. The vulnerability does not require user interaction beyond authentication, but the attacker must have valid credentials with at least low privileges. The CVSS v3.1 base score is 6.7, reflecting medium severity, with high impact on confidentiality, integrity, and availability, but requiring higher attack complexity due to authentication and the need for crafted requests. No public exploits or active exploitation have been reported yet. The vulnerability affects critical Fortinet products widely deployed in enterprise and service provider environments for privileged access management and network security, making it a significant risk if exploited. The vulnerability was reserved in August 2025 and published in October 2025, with no patch links currently available, indicating that mitigation may rely on vendor updates and interim controls.

The vulnerability allows an authenticated attacker to execute arbitrary code, potentially leading to full system compromise of Fortinet FortiPAM, FortiOS, and FortiProxy devices. This can result in unauthorized access to privileged credentials managed by FortiPAM, disruption of network security functions, and compromise of network traffic inspection or proxying capabilities. For European organizations, especially those in critical infrastructure sectors such as energy, finance, telecommunications, and government, exploitation could lead to data breaches, operational disruption, and lateral movement within networks. The impact on confidentiality is high due to exposure of privileged credentials; integrity is compromised by unauthorized code execution; availability may be affected by system crashes or denial of service. The requirement for authentication limits exposure but insider threats or compromised credentials increase risk. The absence of known exploits reduces immediate risk but does not preclude targeted attacks. Organizations relying heavily on Fortinet products for security and access management face elevated risk, necessitating prompt mitigation.

1. Monitor Fortinet's official advisories closely for patches addressing CVE-2025-57740 and apply them promptly once available. 2. Restrict access to FortiPAM, FortiOS, and FortiProxy management interfaces to trusted networks and users using network segmentation and firewall rules. 3. Enforce strong authentication mechanisms, including multi-factor authentication, to reduce risk of credential compromise. 4. Audit and monitor logs for unusual RDP bookmark connection requests or anomalous activity indicative of exploitation attempts. 5. Limit the number of users with access to affected systems and review privilege assignments regularly. 6. Employ intrusion detection/prevention systems (IDS/IPS) tuned to detect suspicious activity related to Fortinet products. 7. Consider temporary compensating controls such as disabling RDP bookmark features if feasible until patches are applied. 8. Conduct internal vulnerability assessments and penetration tests focusing on Fortinet devices to identify potential exploitation paths. 9. Maintain an incident response plan tailored to Fortinet product compromise scenarios.