CVE-2025-61713 is a vulnerability affecting Fortinet FortiPAM versions 1.0.0 through 1.6.0, where sensitive administrator credentials are stored in cleartext in memory. This flaw arises from improper handling of sensitive data (classified under CWE-316: Cleartext Storage of Sensitive Information in Memory). An attacker must be an authenticated administrator with read-write privileges to the command-line interface (CLI) to exploit this vulnerability. By executing specific diagnose commands, the attacker can retrieve credentials of other administrators, compromising confidentiality. The vulnerability does not affect integrity or availability of the system. The CVSS 3.1 base score is 3.8 (low severity), reflecting the requirement for high privileges (PR:H), local access (AV:L), and user interaction (UI:R). No public exploits are currently known, and no patches have been linked yet. The vulnerability is significant in environments where multiple administrators manage privileged accounts, as it could lead to lateral privilege escalation or unauthorized access if credentials are exposed. FortiPAM is a privileged access management solution used to secure and manage administrative credentials, so any compromise of stored credentials undermines its core security function.

For European organizations, the primary impact is the potential exposure of administrator credentials within FortiPAM deployments. This could lead to unauthorized access to critical systems if an attacker with administrative CLI access extracts other admins' credentials. Confidentiality breaches could facilitate lateral movement, privilege escalation, or further compromise of sensitive infrastructure. Since FortiPAM is used to manage privileged accounts, the compromise of these credentials could undermine overall security posture, especially in sectors like finance, government, and critical infrastructure. However, the impact is mitigated by the requirement for an attacker to already have high-level administrative access and local CLI interaction, limiting the attack surface. Organizations with multiple administrators and shared credential management are at higher risk. The absence of known exploits reduces immediate threat but does not eliminate risk, especially if attackers develop targeted methods. The vulnerability could also affect compliance with data protection regulations if credential exposure leads to broader data breaches.

1. Restrict CLI access strictly to trusted administrators and enforce strong authentication mechanisms, including multi-factor authentication (MFA) where possible. 2. Implement role-based access controls (RBAC) to minimize the number of users with read-write admin privileges on FortiPAM. 3. Monitor and audit CLI commands and administrator activities to detect unusual or unauthorized diagnose command usage. 4. Segregate administrative duties to reduce risk of a single compromised admin account leading to widespread credential exposure. 5. Apply Fortinet security updates and patches promptly once available to address this vulnerability. 6. Consider encrypting sensitive data in memory if configurable or request Fortinet for secure handling improvements. 7. Conduct regular security assessments and penetration tests focusing on privileged access management systems. 8. Educate administrators on the risks of credential exposure and enforce secure credential management practices. 9. Limit network access to FortiPAM management interfaces to trusted networks and use VPNs or jump hosts for remote access. 10. Maintain an incident response plan that includes procedures for credential compromise scenarios.