CVE-2025-57740

📊 7.5 HIGH⚡ 0.1%🎯 0 exploits

📅 Published Oct 14, 2025

📋 Status: Analyzed

An Heap-based Buffer Overflow vulnerability [CWE-122] in FortiOS version 7.6.2 and below, version 7.4.7 and below, version 7.2.10 and below, 7.0 all versions, 6.4 all versions; FortiPAM version 1.5.0, version 1.4.2 and below, 1.3 all versions, 1.2 all versions, 1.1 all versions, 1.0 all versions and FortiProxy version 7.6.2 and below, version 7.4.3 and below, 7.2 all versions, 7.0 all versions RDP bookmark connection may allow an authenticated user to execute unauthorized code via crafted requests.

CVSS v3.1 • [email protected]

🎯 Affected Products & Systems

7 product configurations affected

Filter by type:

Type	Vendor	Product	Version Range	Status	CPE String
📱App	fortinet	fortiproxy	≥ 7.0.0 ∧ < 7.4.4	Vulnerable	cpe:2.3:a:fortinet:fortiproxy::::::::
📱App	fortinet	fortiproxy	≥ 7.6.0 ∧ < 7.6.3	Vulnerable	cpe:2.3:a:fortinet:fortiproxy::::::::
💻OS	fortinet	fortipam	≥ 1.0.0 ∧ < 1.4.3	Vulnerable	cpe:2.3:o:fortinet:fortipam::::::::
💻OS	fortinet	fortipam	1.5.0	Vulnerable	cpe:2.3:o:fortinet:fortipam:1.5.0:::::::*
💻OS	fortinet	fortios	≥ 6.4.0 ∧ < 7.2.11	Vulnerable	cpe:2.3:o:fortinet:fortios::::::::
💻OS	fortinet	fortios	≥ 7.4.0 ∧ < 7.4.8	Vulnerable	cpe:2.3:o:fortinet:fortios::::::::
💻OS	fortinet	fortios	≥ 7.6.0 ∧ < 7.6.3	Vulnerable	cpe:2.3:o:fortinet:fortios::::::::

📱

fortinet / fortiproxy

Application

Vulnerable

Version: ≥ 7.0.0 ∧ < 7.4.4

CPE:

cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*

📱

fortinet / fortiproxy

Application

Vulnerable

Version: ≥ 7.6.0 ∧ < 7.6.3

CPE:

cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*

💻

fortinet / fortipam

Operating System

Vulnerable

Version: ≥ 1.0.0 ∧ < 1.4.3

CPE:

cpe:2.3:o:fortinet:fortipam:*:*:*:*:*:*:*:*

💻

fortinet / fortipam

Operating System

Vulnerable

Version: 1.5.0

CPE:

cpe:2.3:o:fortinet:fortipam:1.5.0:*:*:*:*:*:*:*

💻

fortinet / fortios

Operating System

Vulnerable

Version: ≥ 6.4.0 ∧ < 7.2.11

CPE:

cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*

💻

fortinet / fortios

Operating System

Vulnerable

Version: ≥ 7.4.0 ∧ < 7.4.8

CPE:

cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*

💻

fortinet / fortios

Operating System

Vulnerable

Version: ≥ 7.6.0 ∧ < 7.6.3

CPE:

cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*

7 products•scroll for more

Metrics

7.5 HIGHCVSS v3.1[email protected]

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector:

NETWORK

Complexity:

HIGH

Privileges:

LOW

User Interaction:

NONE

Confidentiality:

HIGH

Integrity:

HIGH

Availability:

HIGH

Scope:

UNCHANGED

🔍 Technical Details

Analysis Status

Analyzed

CVSS Details

7.5 (HIGH)v3.1

Source: [email protected]

EPSS Details

0.1% (Minimal)22.1th percentile

Last updated: Oct 31, 2025

Exploitation probability within 30 days

Published Date

Oct 14, 2025 (19 days ago)

Last Modified

Oct 15, 2025 (18 days ago)

Security Weaknesses1

CWE-122

References2

NVDgeneral