CVE-2025-61713: Information disclosure in Fortinet FortiPAM
A Cleartext Storage of Sensitive Information in Memory vulnerability [CWE-316] in Fortinet FortiPAM 1.6.0, FortiPAM 1.5 all versions, FortiPAM 1.4 all versions, FortiPAM 1.3 all versions, FortiPAM 1.2 all versions, FortiPAM 1.1 all versions, FortiPAM 1.0 all versions may allow an authenticated attacker with read-write admin privileges to the CLI to obtain other administrators' credentials via diagnose commands.
AI Analysis
Technical Summary
CVE-2025-61713 is a vulnerability identified in multiple versions of Fortinet's FortiPAM, a privileged access management solution widely used to secure and manage administrative credentials. The vulnerability is classified as Cleartext Storage of Sensitive Information in Memory (CWE-316), where sensitive data such as administrator credentials are stored in memory without encryption or adequate protection. An attacker who is already authenticated with read-write administrative privileges to the FortiPAM CLI can leverage diagnose commands to extract other administrators' credentials in cleartext. This exposure compromises the confidentiality of privileged credentials, potentially allowing lateral movement or privilege escalation within an organization. The vulnerability does not affect data integrity or system availability and requires the attacker to have high privileges and interact with the system, limiting remote or unauthenticated exploitation. The CVSS v3.1 base score is 3.8 (low), reflecting the limited attack vector (local), required privileges (high), and user interaction. No public exploits are known, and no patches are currently linked, indicating that mitigation may rely on access controls and monitoring until a fix is released.
Potential Impact
For European organizations, the disclosure of administrator credentials in FortiPAM can have significant security implications. FortiPAM is often deployed to manage and secure privileged accounts, which are critical for maintaining secure operations and compliance with regulations such as GDPR and the NIS Directive. Exposure of these credentials could lead to unauthorized access to sensitive systems, data breaches, and disruption of critical infrastructure. The impact is particularly severe for sectors with high regulatory and security requirements, such as finance, energy, healthcare, and government. However, the requirement for authenticated high-privilege access reduces the likelihood of widespread exploitation. Organizations with mature access control policies and monitoring may detect and prevent exploitation attempts. Nonetheless, the vulnerability could facilitate insider threats or lateral movement by attackers who have already compromised an administrative account.
Mitigation Recommendations
To mitigate this vulnerability, European organizations should immediately restrict CLI access to FortiPAM to only the most trusted and necessary administrators, enforcing the principle of least privilege. Implement strict monitoring and logging of all CLI activities, especially diagnose commands, to detect suspicious access patterns. Use multi-factor authentication (MFA) for all administrative accounts to reduce the risk of credential compromise. Until a vendor patch is available, consider isolating FortiPAM management interfaces from general network access, using network segmentation and firewall rules. Regularly audit privileged account usage and rotate credentials frequently to limit the window of exposure. Engage with Fortinet support to obtain timelines for patches or workarounds and apply updates promptly once released. Additionally, conduct internal security awareness training to highlight the risks of credential exposure and the importance of secure administrative practices.
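The monitoring recommendation above can be turned into a simple audit check. The following is an added example, not Fortinet tooling or code from this page: it flags diagnose command use by administrators outside an approved list or from an unexpected management source. The key=value log layout, the field names `user`, `ui` and `cmd`, and the allowlist are assumptions; adapt them to the CLI audit events your deployment actually exports.

```python
import shlex
from collections import defaultdict

# Constructed sample audit lines. The key=value layout and the field names
# (user, ui, cmd) are assumptions for illustration, not FortiPAM's log schema.
SAMPLE_LOG = '''\
date=2025-11-18 time=09:02:11 user="alice" ui="ssh(10.0.5.20)" cmd="show system status"
date=2025-11-18 time=09:04:40 user="bob" ui="ssh(10.0.5.31)" cmd="diagnose <subcommand>"
date=2025-11-18 time=09:05:02 user="bob" ui="ssh(10.0.5.31)" cmd="diag <subcommand>"
date=2025-11-18 time=09:30:17 user="carol" ui="console" cmd="diagnose <subcommand>"
date=2025-11-18 time=09:31:00 user="alice" ui="https(10.0.5.20)" cmd="config system admin"
malformed line without fields
'''

# Hypothetical allowlist: admins approved to run diagnose commands, mapped to
# the management sources they are expected to use.
APPROVED = {"carol": {"console"}}

def parse_line(line):
    """Split one key=value line into a dict; quoted values may contain spaces."""
    try:
        tokens = shlex.split(line)
    except ValueError:  # unbalanced quotes in a damaged line
        return {}
    return dict(t.split("=", 1) for t in tokens if "=" in t)

def is_diagnose(cmd):
    """True for 'diagnose' or a shortened form (assumes the CLI accepts abbreviations)."""
    first = (cmd.split() or [""])[0].lower()
    return len(first) >= 3 and "diagnose".startswith(first)

def find_diagnose_alerts(log_text, approved=APPROVED):
    """Return {user: [(timestamp, ui, reason), ...]} for diagnose use outside policy."""
    alerts = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if not is_diagnose(rec.get("cmd", "")):
            continue
        user, ui = rec.get("user", "?"), rec.get("ui", "?")
        stamp = f'{rec.get("date", "?")} {rec.get("time", "?")}'
        if user not in approved:
            alerts[user].append((stamp, ui, "admin not approved for diagnose"))
        elif ui not in approved[user]:
            alerts[user].append((stamp, ui, "unexpected management source"))
    return dict(alerts)

if __name__ == "__main__":
    print(find_diagnose_alerts(SAMPLE_LOG))
```

Any alert for an account that has run diagnose commands is also a reasonable trigger for rotating the other administrators' credentials, in line with the rotation advice above.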
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Belgium, Sweden, Poland, Finland
Technical Details
- Data Version: 5.2
- Assigner Short Name: fortinet
- Date Reserved: 2025-09-30T14:50:57.841Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 691ca899209f2030fa016988
Added to database: 11/18/2025, 5:10:49 PM
Last enriched: 11/18/2025, 5:20:49 PM
Last updated: 11/18/2025, 9:27:26 PM