vulnerability

Fortinet FortiOS: (CVE-2025-57740)

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
9	(AV:N/AC:M/Au:S/C:C/I:C/A:C)	Nov 7, 2025	Nov 7, 2025	Mar 30, 2026

Severity

CVSS

(AV:N/AC:M/Au:S/C:C/I:C/A:C)

Published

Nov 7, 2025

Added

Nov 7, 2025

Modified

Mar 30, 2026

Description

An Heap-based Buffer Overflow vulnerability [CWE-122] in FortiOS version 7.6.2 and below, version 7.4.7 and below, version 7.2.10 and below, 7.0 all versions, 6.4 all versions; FortiPAM version 1.5.0, version 1.4.2 and below, 1.3 all versions, 1.2 all versions, 1.1 all versions, 1.0 all versions and FortiProxy version 7.6.2 and below, version 7.4.3 and below, 7.2 all versions, 7.0 all versions RDP bookmark connection may allow an authenticated user to execute unauthorized code via crafted requests.

Solutions

fortios-upgrade-7_2_11fortios-upgrade-7_4_8fortios-upgrade-7_6_3

References

CVE-2025-57740
https://attackerkb.com/topics/CVE-2025-57740
CWE-122
EUVD-EUVD-2025-34242
https://euvd.enisa.europa.eu/vulnerability/EUVD-2025-34242
https://fortiguard.fortinet.com/psirt/FG-IR-25-756

Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report