CVE-2025-57740

Published: Oct 14, 2025Modified: Oct 15, 2025

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

An Heap-based Buffer Overflow vulnerability [CWE-122] in FortiOS version 7.6.2 and below, version 7.4.7 and below, version 7.2.10 and below, 7.0 all versions, 6.4 all versions; FortiPAM version 1.5.0, version 1.4.2 and below, 1.3 all versions, 1.2 all versions, 1.1 all versions, 1.0 all versions and FortiProxy version 7.6.2 and below, version 7.4.3 and below, 7.2 all versions, 7.0 all versions RDP bookmark connection may allow an authenticated user to execute unauthorized code via crafted requests.

Affected (7)

Products: Fortinet: Fortiproxy, Fortipam, Fortios

3 products

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Fortinet Fortiproxy	From 7.0.0 to 7.4.4
Fortinet Fortiproxy	From 7.6.0 to 7.6.3

Configuration B

2 vulnerable

Vulnerable Software	Affected Versions
Fortinet Fortipam	From 1.0.0 to 1.4.3
Fortinet Fortipam	Version 1.5.0

Configuration C

3 vulnerable

Vulnerable Software	Affected Versions
Fortinet Fortios	From 6.4.0 to 7.2.11
Fortinet Fortios	From 7.4.0 to 7.4.8
Fortinet Fortios	From 7.6.0 to 7.6.3

Related CWEs

Heap-based Buffer Overflow

A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().

References (1)

https://fortiguard.fortinet.com/psirt/FG-IR-25-756

Source: psirt@fortinet.com

Vendor Advisory

Timeline

No history available yet.