CVE-2025-57740_CVE-2025-57740

6.7 / 10

MEDIUM

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

Description

An Heap-based Buffer Overflow vulnerability [CWE-122] in FortiOS version 7.6.2 and below, version 7.4.7 and below, version 7.2.10 and below, 7.0 all versions, 6.4 all versions; FortiPAM version 1.5.0, version 1.4.2 and below, 1.3 all versions, 1.2 all versions, 1.1 all versions, 1.0 all versions and FortiProxy version 7.6.2 and below, version 7.4.3 and below, 7.2 all versions, 7.0 all versions RDP bookmark connection may allow an authenticated user to execute unauthorized code via crafted requests.

Basic Information

ID CVE-2025-57740

Source fortinet

Published Oct 14, 2025 at 15:22

Affected Product

Vendor Fortinet

Product FortiPAM

Version 1.5.0

Affected Versions Fortinet FortiPAM 1.5.0
Fortinet FortiPAM 1.4.0
Fortinet FortiPAM 1.3.0
Fortinet FortiPAM 1.2.0
Fortinet FortiPAM 1.1.0
Fortinet FortiPAM 1.0.0
Fortinet FortiOS 7.6.0
Fortinet FortiOS 7.4.0
Fortinet FortiOS 7.2.0
Fortinet FortiOS 7.0.0
Fortinet FortiOS 6.4.0
Fortinet FortiProxy 7.6.0
Fortinet FortiProxy 7.4.0
Fortinet FortiProxy 7.2.0
Fortinet FortiProxy 7.0.0

CWE Classification

CWE-122

References

fortiguard.fortinet.com /psirt/FG-IR-25-756

{
    "lastseen": "",
    "description": "An Heap-based Buffer Overflow vulnerability [CWE-122] in FortiOS version 7.6.2 and below, version 7.4.7 and below, version 7.2.10 and below, 7.0 all versions, 6.4 all versions; FortiPAM version 1.5.0, version 1.4.2 and below, 1.3 all versions, 1.2 all versions, 1.1 all versions, 1.0 all versions and FortiProxy version 7.6.2 and below, version 7.4.3 and below, 7.2 all versions, 7.0 all versions RDP bookmark connection may allow an authenticated user to execute unauthorized code via crafted requests.",
    "published": "2025-10-14T15:22:54.733Z",
    "modified": "2025-10-14T15:22:54.733Z",
    "type": "cve",
    "title": "CVE-2025-57740",
    "source": "fortinet",
    "references": "https://fortiguard.fortinet.com/psirt/FG-IR-25-756",
    "id": "CVE-2025-57740",
    "bulletinFamily": "",
    "cwe": [
        "CWE-122"
    ],
    "cvelist": null,
    "sourceData": "Fortinet FortiPAM 1.5.0\nFortinet FortiPAM 1.4.0\nFortinet FortiPAM 1.3.0\nFortinet FortiPAM 1.2.0\nFortinet FortiPAM 1.1.0\nFortinet FortiPAM 1.0.0\nFortinet FortiOS 7.6.0\nFortinet FortiOS 7.4.0\nFortinet FortiOS 7.2.0\nFortinet FortiOS 7.0.0\nFortinet FortiOS 6.4.0\nFortinet FortiProxy 7.6.0\nFortinet FortiProxy 7.4.0\nFortinet FortiProxy 7.2.0\nFortinet FortiProxy 7.0.0",
    "sourceHref": "",
    "cvss": {
        "score": 6.7,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "FortiPAM",
    "version": "1.5.0",
    "vendor": "Fortinet",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}