CVE-2025-57740: Execute unauthorized code or commands in Fortinet FortiPAM
A heap-based buffer overflow vulnerability [CWE-122] in the RDP bookmark connection handling of FortiOS version 7.6.2 and below, version 7.4.7 and below, version 7.2.10 and below, 7.0 all versions, 6.4 all versions; FortiPAM version 1.5.0, version 1.4.2 and below, 1.3 all versions, 1.2 all versions, 1.1 all versions, 1.0 all versions; and FortiProxy version 7.6.2 and below, version 7.4.3 and below, 7.2 all versions, 7.0 all versions may allow an authenticated user to execute unauthorized code or commands via crafted requests.
AI Analysis
Technical Summary
CVE-2025-57740 is a heap-based buffer overflow (CWE-122) in Fortinet's FortiOS, FortiProxy and FortiPAM. Affected releases are FortiOS 6.4 and 7.0 (all versions), 7.2.10 and below, 7.4.7 and below, and 7.6.2 and below; FortiProxy 7.0 and 7.2 (all versions), 7.4.3 and below, and 7.6.2 and below; and FortiPAM 1.0 through 1.3 (all versions), 1.4.2 and below, and 1.5.0. The flaw is in the handling of RDP bookmark connections, a feature offered to ordinary portal users (on FortiOS and FortiProxy through the SSL-VPN web-mode portal), so the attacker needs only a low-privileged authenticated account (PR:L), not administrative access. A crafted request overflows a heap buffer and can lead to execution of unauthorized code or commands on the appliance. No user interaction is required (UI:N) and the request is sent over the network (AV:N). Attack complexity is rated high (AC:H), which in CVSS terms means success depends on conditions outside the attacker's control; for a heap overflow that usually means getting the heap into a layout where the overwrite lands on something useful. Confidentiality, integrity and availability are all rated high (C:H/I:H/A:H). Note that these metrics, with scope unchanged, compute to a CVSS 3.1 base score of 7.5 (High); the 6.7 figure reported here is what that base becomes once the temporal metrics Fortinet advisories carry (E:P/RL:O/RC:C: proof-of-concept exploit maturity, official fix available, confirmed report) are applied, so for patch prioritization the flaw should be treated as high severity rather than medium. No public exploit or in-the-wild exploitation had been reported as of publication (October 14, 2025). Because FortiOS and FortiProxy sit at the network edge and FortiPAM brokers privileged credentials, the vulnerability is a significant concern for any organization running the affected releases.
Potential Impact
A successful exploit runs attacker-controlled code or commands on the appliance itself, which on a perimeter firewall or proxy means a foothold inside the network boundary. For FortiPAM the consequence is worse: the product exists to vault and broker privileged credentials, so code execution on it puts those secrets and every system they unlock at risk. Confidentiality is threatened (vaulted credentials, VPN user data, device configuration), integrity can be undermined through changes to security policy or the planting of persistence, and availability can be lost if the overflow crashes the handling process or the device. Organizations in critical infrastructure, financial services, government and large enterprises, where these products are common, face data breach, operational disruption and lateral movement. Authentication is required, but only at the level of an ordinary portal user, so a phished, reused or leaked SSL-VPN or FortiPAM credential, or a malicious insider, is enough to reach the vulnerable code path. No exploit is public, which lowers immediate risk but should not delay patching: Fortinet edge devices are a favoured target and proof-of-concept code tends to follow advisories.
Mitigation Recommendations
1. Upgrade to a fixed release. The affected ranges imply fixes in FortiOS 7.6.3, 7.4.8 and 7.2.11, FortiProxy 7.6.3 and 7.4.4, and FortiPAM 1.5.1 and 1.4.3 (confirm the exact builds in Fortinet's PSIRT advisory). FortiOS 6.4 and 7.0, FortiProxy 7.0 and 7.2, and FortiPAM 1.0 through 1.3 are affected in all versions, so devices on those branches must be migrated to a fixed branch rather than patched in place.
2. Until patched, shrink the reachable surface. The vulnerable code is reached through RDP bookmarks, a feature of the user-facing portal (the SSL-VPN web-mode portal on FortiOS and FortiProxy), not the admin interface, so locking down management access alone does not close it. Remove RDP bookmarks from portals that do not need them, or disable web mode on portals used only for tunnel mode (config vpn ssl web portal, edit <portal>, set web-mode disable). In FortiPAM, restrict RDP launch to the users who need it.
3. Harden the accounts that can reach the portal: enforce MFA for SSL-VPN and FortiPAM users, disable stale accounts, and alert on logins from unexpected locations or at unusual times, since any such credential is sufficient for the attack.
4. Apply least privilege to bookmark administration as well as use: keep the set of users and groups allowed to create or use RDP bookmarks as small as the business requires.
5. Inventory every FortiOS, FortiProxy and FortiPAM instance, including HA peers and lab devices, and compare each version against the affected ranges; a management-platform report or an authenticated scan will surface instances that were missed.
6. Watch the appliance itself: a failed overflow attempt is likely to crash the process serving the bookmark, so on FortiOS review crash logs (diagnose debug crashlog read), alert on repeated restarts of the SSL-VPN daemon, and correlate portal logs for bursts of RDP bookmark connections from a single user or session.
7. EDR agents cannot be installed on FortiOS or FortiProxy appliances, so place EDR on the RDP target hosts and on users' workstations, and monitor for unexpected outbound connections or configuration changes originating from the appliance after portal activity.
8. Keep an incident response playbook for Fortinet appliances that covers isolating the device, preserving logs and configuration before any reboot, rotating credentials that transited the device (and every secret vaulted in a compromised FortiPAM), and reinstalling from a known-good image.
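To act on item 5, the ranges in the advisory text can be turned into a check that runs over a device list. The block below is an added example, not code from this page or from Fortinet: the inventory lines are constructed for illustration, and the version table is transcribed from the advisory wording. It generalizes the advisory's "X and below" and "all versions" phrasing into a per-branch rule (a branch prefix plus an optional ceiling), so the same table shape can be reused for other Fortinet advisories.

```python
"""Triage a Fortinet device inventory against the affected-version ranges
quoted in the advisory text above for CVE-2025-57740.

Added example, not code from the page or from Fortinet. The inventory lines
are constructed for illustration and the range table is transcribed from the
advisory wording ("7.6.2 and below", "7.0 all versions", ...)."""

# (branch prefix, highest affected version in that branch, or None when the
# advisory says "all versions", i.e. there is no fixed build in the branch).
AFFECTED = {
    "FortiOS":    [((7, 6), (7, 6, 2)), ((7, 4), (7, 4, 7)), ((7, 2), (7, 2, 10)),
                   ((7, 0), None), ((6, 4), None)],
    "FortiProxy": [((7, 6), (7, 6, 2)), ((7, 4), (7, 4, 3)),
                   ((7, 2), None), ((7, 0), None)],
    "FortiPAM":   [((1, 5), (1, 5, 0)), ((1, 4), (1, 4, 2)),
                   ((1, 3), None), ((1, 2), None), ((1, 1), None), ((1, 0), None)],
}


def parse_version(text):
    """'7.4.7', 'v7.4.7' or '7.4.7-build2731' -> (7, 4, 7)."""
    core = text.strip().lstrip("v").split("-")[0].split(" ")[0]
    return tuple(int(p) for p in core.split("."))


def assess(product, version):
    """Classify one device. Returns one of:
    'affected'         in an affected range and a fixed build exists in the branch
    'affected-no-fix'  advisory says the whole branch is affected; migrate branches
    'not-affected'     newer than the branch ceiling named in the advisory
    'unlisted-branch'  branch not mentioned in the advisory; check manually
    'unknown-product'  product not covered by this CVE
    """
    rules = AFFECTED.get(product)
    if rules is None:
        return "unknown-product"
    v = parse_version(version)
    for branch, ceiling in rules:
        if v[:len(branch)] == branch:
            if ceiling is None:
                return "affected-no-fix"
            return "affected" if v <= ceiling else "not-affected"
    return "unlisted-branch"


def triage(inventory_csv):
    """Parse 'hostname,product,version' lines and return [(host, status), ...]."""
    results = []
    for line in inventory_csv.strip().splitlines():
        host, product, version = (field.strip() for field in line.split(","))
        results.append((host, assess(product, version)))
    return results


# Constructed sample inventory (hostnames, versions and build number are made up).
INVENTORY = """\
fw-edge-01,FortiOS,7.4.7
fw-edge-02,FortiOS,7.4.8
fw-dc-01,FortiOS,7.0.17
pam-01,FortiPAM,1.5.0
proxy-01,FortiProxy,7.6.2-build0583
proxy-02,FortiProxy,7.2.9
mgr-01,FortiManager,7.4.3
"""

if __name__ == "__main__":
    for host, status in triage(INVENTORY):
        print(f"{host:12} {status}")
```

The "affected-no-fix" outcome is the one that most often gets lost in ticket queues: a FortiOS 7.0 or FortiProxy 7.2 device cannot be remediated by a point release, so it needs a branch migration and, until then, the compensating controls in item 2. Treat "unlisted-branch" as a prompt to re-read the advisory rather than as a clean result.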
Affected Countries
United States, Germany, United Kingdom, France, Japan, South Korea, Australia, Canada, India, Brazil, Singapore, Netherlands
Technical Details
- Data Version: 5.1
- Assigner Short Name: fortinet
- Date Reserved: 2025-08-19T12:04:48.437Z
- CVSS Version: 3.1
- State: PUBLISHED
Added to database: 10/14/2025, 3:31:07 PM
Last enriched: 2/27/2026, 3:51:56 AM
Last updated: 3/24/2026, 7:16:42 AM