Heap-based Buffer Overflow in FortiOS and FortiPAM Products
CVE-2025-57740

6.7MEDIUM

Key Information:

Vendor: Fortinet
Status: Fortipam; FortiOS; Fortiproxy
Vendor: CVE Published:; 14 October 2025

What is CVE-2025-57740?

A heap-based buffer overflow vulnerability exists in FortiOS, FortiPAM, and FortiProxy. This issue allows authenticated users to potentially execute unauthorized code through specifically crafted requests, making it crucial for users to review their current product versions and apply necessary updates to mitigate this risk.

Affected Version(s)

FortiOS 7.6.0 <= 7.6.2

FortiOS 7.4.0 <= 7.4.7

FortiOS 7.2.0 <= 7.2.10

References

https://fortiguard.fortinet.com/psirt/FG-IR-25-756

CVSS V3.1

Score:

6.7

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 14, 2025
Vulnerability Reserved
Aug 19, 2025

JSON

Fortinet

What is CVE-2025-57740?

Affected Version(s)

References

CVSS V3.1

Timeline