CVE-2025-61713 is a vulnerability identified in multiple versions of Fortinet's FortiPAM product, a privileged access management solution widely used to secure administrative credentials and access. The flaw arises from the cleartext storage of sensitive information, specifically administrator credentials, in memory during the execution of certain diagnostic commands via the CLI. An attacker who is already authenticated with read-write administrative privileges on the FortiPAM CLI can leverage this vulnerability to retrieve other administrators' credentials, potentially escalating their access or compromising other accounts. The vulnerability is classified under CWE-316 (Cleartext Storage of Sensitive Information in Memory), indicating poor handling of sensitive data in volatile memory. The CVSS v3.1 score is 3.8 (low severity), reflecting that exploitation requires high privileges (PR:H), local access (AV:L), and user interaction (UI:R). The impact is primarily on confidentiality, with no direct effect on integrity or availability. No known exploits have been reported in the wild as of the publication date. The vulnerability affects all FortiPAM versions from 1.0.0 through 1.6.0, highlighting the need for patching or mitigation across a broad range of deployments. FortiPAM is critical in managing privileged credentials, so exposure of these credentials can lead to significant security risks if exploited.

For European organizations, the primary impact of CVE-2025-61713 is the potential compromise of privileged administrator credentials within FortiPAM deployments. This can lead to unauthorized access to sensitive systems and data, undermining the confidentiality of critical infrastructure and business operations. Since FortiPAM is used to manage privileged access, credential disclosure could facilitate lateral movement, privilege escalation, and further compromise within enterprise networks. The requirement for authenticated CLI access limits the attack surface to insiders or attackers who have already breached initial defenses. However, given the strategic importance of privileged access management in sectors such as finance, energy, government, and telecommunications, even low-severity vulnerabilities can have outsized consequences. The lack of known exploits reduces immediate risk but does not eliminate the threat, especially in environments with multiple administrators or less stringent access controls. European organizations with compliance obligations around data protection and access control may face regulatory scrutiny if such vulnerabilities are exploited.

To mitigate CVE-2025-61713, European organizations should implement the following specific measures: 1) Restrict CLI access to FortiPAM strictly to trusted administrators and enforce the principle of least privilege to minimize the number of users with read-write admin rights. 2) Enable detailed logging and continuous monitoring of CLI commands and administrative activities to detect suspicious behavior indicative of credential harvesting attempts. 3) Apply network segmentation and access controls to limit who can reach FortiPAM management interfaces, reducing the risk of unauthorized access. 4) Coordinate with Fortinet to obtain and deploy patches or updates that address this vulnerability as soon as they become available. 5) Conduct regular security audits and credential rotation policies to limit the window of exposure if credentials are compromised. 6) Educate administrators on the risks of executing diagnostic commands and the importance of secure operational practices. 7) Consider deploying multi-factor authentication (MFA) for administrative access to add an additional layer of defense against credential misuse. These steps go beyond generic advice by focusing on operational controls and monitoring tailored to the nature of this vulnerability.