CVE-2025-57740 is a heap-based buffer overflow vulnerability (CWE-122) identified in Fortinet's FortiPAM, FortiOS, and FortiProxy products across multiple versions, including FortiPAM versions 1.0.0 through 1.5.0, FortiOS versions 6.4 through 7.6.2, and FortiProxy versions 7.0 through 7.6.2. The flaw arises in the handling of RDP bookmark connection requests, where an authenticated user with low privileges can send specially crafted requests that overflow a heap buffer. This overflow can lead to execution of unauthorized code or commands, compromising the system's confidentiality, integrity, and availability. The vulnerability requires authentication but no additional user interaction, making it a significant risk in environments where user credentials might be compromised or where low-privilege users have access to the management interfaces. The CVSS 3.1 base score is 6.7, reflecting medium severity, with attack vector network (AV:N), attack complexity high (AC:H), privileges required low (PR:L), no user interaction (UI:N), and impacts on confidentiality, integrity, and availability all high (C:H/I:H/A:H). No public exploits have been reported yet, but the vulnerability is published and should be addressed promptly. The vulnerability affects critical Fortinet products widely used in enterprise and service provider environments for privileged access management and network security, increasing the potential impact of exploitation.

For European organizations, exploitation of CVE-2025-57740 could lead to unauthorized code execution within critical security infrastructure components, such as FortiPAM and FortiOS devices. This can result in full compromise of privileged access management systems, exposing sensitive credentials and administrative controls. The integrity and availability of network security controls could be undermined, potentially allowing attackers to pivot within networks, disrupt services, or exfiltrate data. Given Fortinet's significant market share in Europe, especially among enterprises, government agencies, and managed security service providers, the impact could be widespread. Organizations in sectors like finance, energy, telecommunications, and public administration are particularly at risk due to their reliance on Fortinet products for secure access and network perimeter defense. The requirement for authentication reduces the risk from external unauthenticated attackers but raises concerns about insider threats or credential compromise. The absence of known exploits in the wild currently limits immediate risk but does not preclude future targeted attacks, especially as threat actors develop exploit code.

1. Apply vendor patches and updates as soon as they become available for all affected Fortinet products, prioritizing FortiPAM, FortiOS, and FortiProxy versions listed. 2. Restrict access to management interfaces and RDP bookmark connection functionalities to trusted networks and users only, using network segmentation and firewall rules. 3. Enforce strong authentication mechanisms, including multi-factor authentication (MFA), to reduce the risk of credential compromise. 4. Monitor logs and network traffic for unusual RDP bookmark connection requests or anomalous behavior indicative of exploitation attempts. 5. Conduct regular security audits and vulnerability assessments focusing on privileged access management systems. 6. Implement strict role-based access controls (RBAC) to limit low-privilege users’ capabilities and reduce the attack surface. 7. Educate administrators and users about the risks of credential theft and the importance of secure access practices. 8. Prepare incident response plans specific to potential exploitation of this vulnerability to enable rapid containment and remediation.