PT-2025-47365 · Fortinet · FortiPAM

Published: 2025-11-18 · Updated: 2025-11-19 · CVE-2025-61713

CVSS v2.0: 4.6 (Medium)

Vector: AV:L/AC:L/Au:S/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions

FortiPAM versions 1.0 through 1.6.0

Description

A cleartext storage of sensitive information in memory issue exists in FortiPAM. An authenticated attacker with read-write administrative privileges to the command-line interface (CLI) may be able to obtain other administrators' credentials through the use of diagnose commands. This allows for potential lateral privilege escalation within a network.

Recommendations

FortiPAM version 1.6.0 and earlier should be updated. FortiPAM versions 1.5, 1.4, 1.3, 1.2, and 1.1 should be updated.

Fix

Weakness Enumeration

Related Identifiers

BDU:2025-14873
CVE-2025-61713

Affected Products

FortiPAM