CVE-2025-57740

Severity: 8.8 HIGH
EPSS: 0.1% (top 76.69%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Oct 14

Description

A Heap-based Buffer Overflow vulnerability [CWE-122] in FortiOS version 7.6.2 and below, version 7.4.7 and below, version 7.2.10 and below, 7.0 all versions, 6.4 all versions; FortiPAM version 1.5.0, version 1.4.2 and below, 1.3 all versions, 1.2 all versions, 1.1 all versions, 1.0 all versions and FortiProxy version 7.6.2 and below, version 7.4.3 and below, 7.2 all versions, 7.0 all versions RDP bookmark connection may allow an authenticated user to execute unauthorized code via crafted reques

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.6 | Impact: 5.9

Affected Packages (6 packages)

Source      Package              Version    Version    Other ranges
NVD         fortinet/fortios     6.4.0      7.2.11     +2
NVD         fortinet/fortipam    1.0.0      1.4.3      +1
NVD         fortinet/fortiproxy  7.0.0      7.4.4      +1
CVEListV5   fortinet/fortios     7.6.0      7.6.2      +4
CVEListV5   fortinet/fortipam    1.4.0      1.4.2      +5

Vulnerability Details (2)

CVEList: CVE-2025-57740: A Heap-based Buffer Overflow vulnerability [CWE-122] in FortiOS version 7 (2025-10-14)
GHSA: GHSA-246v-8qgx-g3wc: A Heap-based Buffer Overflow vulnerability [CWE-122] in FortiOS version 7 (2025-10-14)

Vendor Advisories (1)

Fortinet: Authenticated Heap Overflow in SSL-VPN bookmarks (2025-10-14)

CVE-2025-57740 (HIGH, CVSS 8.8) | cvebase.io