CVE-2025-57740: 
FortiOS vulnerability analysis and mitigation

A Heap-based Buffer Overflow vulnerability (CVE-2025-57740) was discovered in FortiOS, FortiPAM, and FortiProxy RDP bookmark connection functionality. The vulnerability was disclosed on October 14, 2025, affecting multiple versions of FortiOS (6.4.x through 7.6.2), FortiPAM (1.0.x through 1.5.0), and FortiProxy (7.0.x through 7.6.2). This medium-severity vulnerability allows authenticated users to potentially execute unauthorized code through crafted requests (Fortinet Advisory).

The vulnerability is classified as a Heap-based Buffer Overflow (CWE-122) affecting the SSL-VPN component of the affected systems. It received a CVSSv3.1 base score of 6.7 (Medium) from Fortinet, while the NVD assessment rated it at 8.8 (High) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. The vulnerability specifically impacts the RDP bookmark connection functionality in the SSL-VPN component (NVD).

If successfully exploited, this vulnerability allows an authenticated attacker to execute unauthorized code on the affected systems. The potential impact includes compromise of system confidentiality, integrity, and availability, as indicated by the high impact ratings in the CVSS scoring (Fortinet Advisory, NVD).

Fortinet has released patches for affected versions and recommends upgrading to the following versions: FortiOS 7.6.3 or above (for 7.6.x), 7.4.8 or above (for 7.4.x), 7.2.11 or above (for 7.2.x); FortiPAM 1.5.1 or above (for 1.5.x), 1.4.3 or above (for 1.4.x); FortiProxy 7.6.3 or above (for 7.6.x), 7.4.4 or above (for 7.4.x). For older versions, migration to a fixed release is recommended. Users should follow the recommended upgrade path using Fortinet's upgrade tool (Fortinet Advisory).