PT-2025-41962 · Fortinet · FortiOS, FortiPAM, FortiProxy

Published

2025-10-14

·

Updated

2025-12-23

·

CVE-2025-57740

CVSS v2.0

9.0

High

Vector AV:N/AC:L/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions

FortiOS: 7.6.2 and below, 7.4.7 and below, 7.2.10 and below, 7.0 (all versions), 6.4 (all versions)
FortiPAM: 1.5.0, 1.4.2 and below, 1.3 (all versions), 1.2 (all versions), 1.1 (all versions), 1.0 (all versions)
FortiProxy: 7.6.2 and below, 7.4.3 and below, 7.2 (all versions), 7.0 (all versions)

Description

A heap-based buffer overflow in FortiOS, FortiPAM and FortiProxy, caused by improper handling of crafted network requests, allows an authenticated user to execute unauthorized code via crafted requests related to RDP bookmark connections. Authentication is required (CVSS v2 Au:S), but a successful exploit gives complete loss of confidentiality, integrity and availability of the affected device (C:C/I:C/A:C), so any account able to reach the RDP bookmark functionality should be treated as a potential path to full device compromise until the device is patched.

Recommendations

Upgrade FortiOS to 7.6.3 or later, FortiPAM to 1.5.1 or later, and FortiProxy to 7.6.3 or later. Branches listed above as affected in all versions (FortiOS 7.0 and 6.4, FortiPAM 1.3 and earlier, FortiProxy 7.2 and 7.0) should be migrated to a fixed branch rather than patched in place. The affected-version cut-offs above (for example FortiOS 7.4.7 and 7.2.10, FortiProxy 7.4.3) imply that later patch releases in those branches are fixed as well; confirm the exact fixed build for your branch against the vendor's advisory before relying on it.
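Applying the affected-version list above across a fleet is easier as code. The following is an added example written for this page, not a Fortinet or vendor tool: it encodes the ranges listed in this advisory and classifies a version triple, or a `get system status` line in the assumed form `Version: FortiGate-100F v7.4.5,build2702,...`, as affected, not affected, or branch not listed. The sample status lines are constructed, and both the status-line format and the rule that an unlisted branch is reported as unknown rather than safe are assumptions, not statements from the advisory.

```python
"""Affected-version check for CVE-2025-57740, built from the affected-version
list in this advisory.

Assumptions (not from the advisory): input is a (major, minor, patch) triple or
a 'get system status' line such as
'Version: FortiGate-100F v7.4.5,build2702,240708 (GA.F)', and a branch the
advisory does not name is reported as 'branch not listed', never as safe.
"""
import re
from typing import Dict, Optional, Tuple

Version = Tuple[int, int, int]

# Per product: branch (major, minor) -> highest affected patch level.
# None means the advisory lists the whole branch ("all versions") as affected.
AFFECTED: Dict[str, Dict[Tuple[int, int], Optional[int]]] = {
    "FortiOS":    {(7, 6): 2, (7, 4): 7, (7, 2): 10, (7, 0): None, (6, 4): None},
    "FortiPAM":   {(1, 5): 0, (1, 4): 2, (1, 3): None, (1, 2): None,
                   (1, 1): None, (1, 0): None},
    "FortiProxy": {(7, 6): 2, (7, 4): 3, (7, 2): None, (7, 0): None},
}

# Fixed releases named in the advisory's recommendations.
FIXED: Dict[str, Version] = {
    "FortiOS": (7, 6, 3),
    "FortiPAM": (1, 5, 1),
    "FortiProxy": (7, 6, 3),
}

# Matches 'v7.4.5' or '7.4.5' anywhere in a status line (assumed format).
_VERSION_RE = re.compile(r"\bv?(\d+)\.(\d+)\.(\d+)\b")


def parse_version(text: str) -> Optional[Version]:
    """Extract the first X.Y.Z version triple from a string, or None."""
    m = _VERSION_RE.search(text)
    if not m:
        return None
    major, minor, patch = (int(g) for g in m.groups())
    return (major, minor, patch)


def is_affected(product: str, version: Version) -> Optional[bool]:
    """True/False when the advisory covers this branch; None if the branch is not listed."""
    branches = AFFECTED.get(product)
    if branches is None:
        raise ValueError(f"unknown product {product!r}")
    major, minor, patch = version
    branch = (major, minor)
    if branch not in branches:
        return None  # not listed: report as unknown, never as safe
    max_affected = branches[branch]
    if max_affected is None:
        return True  # whole branch affected; migrate to a fixed branch
    return patch <= max_affected


def assess(product: str, status_line: str) -> Dict[str, object]:
    """Parse a status line and return a verdict plus the advised fixed release."""
    version = parse_version(status_line)
    if version is None:
        return {"product": product, "version": None, "verdict": "unparseable"}
    affected = is_affected(product, version)
    verdict = {True: "affected", False: "not affected",
               None: "branch not listed"}[affected]
    return {"product": product, "version": version, "verdict": verdict,
            "advised_fix": FIXED[product]}


if __name__ == "__main__":
    # Constructed sample inputs, not captured from real devices.
    samples = [
        ("FortiOS", "Version: FortiGate-100F v7.4.5,build2702,240708 (GA.F)"),
        ("FortiOS", "Version: FortiGate-60F v7.6.3,build3510,250101 (GA.M)"),
        ("FortiOS", "Version: FortiGate-40F v7.0.17,build0682,250101 (GA.M)"),
        ("FortiProxy", "Version: FortiProxy-VM v7.4.3,build0600,241212"),
        ("FortiPAM", "1.5.1"),
    ]
    for product, line in samples:
        print(assess(product, line))
```

Run as a script it classifies the constructed samples. The "branch not listed" verdict exists so that a branch the advisory does not name (for example a newer release train) is never silently reported as unaffected; extend AFFECTED from the vendor advisory rather than removing that check.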

Fix

Available; see Recommendations.

Weakness Enumeration

Heap-Based Buffer Overflow (CWE-122)

Related Identifiers

BDU:2025-14857
CVE-2025-57740

Affected Products

FortiOS
FortiPAM
FortiProxy