Overview
CVE-2025-61713 is a medium severity vulnerability affecting Fortinet FortiPAM. It stems from the cleartext storage of sensitive information in memory, allowing an authenticated attacker with read-write admin privileges to the CLI to potentially gain access to other administrators' credentials. This vulnerability impacts all versions of FortiPAM from 1.0 through 1.6.0.
Technical Details
The vulnerability, classified as CWE-316 (Cleartext Storage of Sensitive Information in Memory), resides in how FortiPAM handles and stores administrator credentials. Specifically, the credentials of administrators are not properly encrypted or protected while held in memory. An attacker with the necessary privileges (read-write admin access to the CLI) can leverage “diagnose” commands to inspect memory and extract these credentials.
This exploitation relies on an attacker’s pre-existing privileged access. It doesn’t represent a bypass of authentication itself, but rather an abuse of existing privileges to gain access to more sensitive information.
CVSS Analysis
The Common Vulnerability Scoring System (CVSS) score for CVE-2025-61713 is 4.2 (Medium).
- Attack Vector: Network (N)
- Attack Complexity: High (H)
- Privileges Required: High (H)
- User Interaction: None (N)
- Scope: Unchanged (U)
- Confidentiality Impact: Low (L)
- Integrity Impact: None (N)
- Availability Impact: None (N)
The medium severity reflects the requirement for high privileges on the CLI to exploit the vulnerability and the relatively limited impact (confidentiality only).
Possible Impact
Successful exploitation of CVE-2025-61713 could lead to:
- Credential Theft: An attacker can obtain the credentials of other FortiPAM administrators.
- Privilege Escalation: Using the stolen credentials, the attacker can gain elevated privileges within the FortiPAM system, potentially leading to unauthorized access to sensitive resources.
- Lateral Movement: The attacker might be able to leverage the compromised FortiPAM system as a springboard to access other systems within the network.
Mitigation or Patch Steps
Fortinet has addressed this vulnerability. Users are strongly advised to upgrade to a patched version of FortiPAM as soon as possible. Check the Fortinet PSIRT advisory for the specific fixed versions.
In the interim, consider the following mitigation steps (though these are not substitutes for patching):
- Restrict CLI Access: Limit access to the CLI interface to only those administrators who absolutely require it.
- Monitor CLI Activity: Implement monitoring and auditing of CLI commands to detect suspicious activity.
- Principle of Least Privilege: Ensure that administrators are granted only the minimum necessary privileges to perform their duties.
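As an added example (not code from this page or from Fortinet), the following Python script shows one way to implement the "Monitor CLI Activity" step over exported CLI audit logs: it parses Fortinet-style key=value lines and raises a review finding for every invocation of a command in the "diagnose" tree, since the advisory identifies that command family as the path an attacker would use to inspect memory. The log field names (user, ui, cli, action), the sample records and the hosts are constructed assumptions for illustration, not FortiPAM's documented log schema; map them to the fields in your real export.

```python
import re
from collections import Counter

# Constructed sample lines in a Fortinet-style key=value syslog layout. The
# field names are an assumption for illustration and not FortiPAM's documented
# log schema; adapt the parser to the real export of your deployment.
SAMPLE_LOGS = [
    'date=2025-10-14 time=09:01:12 type="event" subtype="system" user="alice" ui="ssh(203.0.113.5)" action="login" msg="Administrator alice logged in successfully"',
    'date=2025-10-14 time=09:01:40 type="event" subtype="system" user="alice" ui="ssh(203.0.113.5)" action="Command" cli="show system interface"',
    'date=2025-10-14 time=09:02:05 type="event" subtype="system" user="bob" ui="ssh(198.51.100.7)" action="Command" cli="diagnose sys top 5 10"',
    'date=2025-10-14 time=09:02:30 type="event" subtype="system" user="bob" ui="ssh(198.51.100.7)" action="Command" cli="diagnose debug crashlog read"',
    'date=2025-10-14 time=09:03:00 type="event" subtype="system" user="carol" ui="https(192.0.2.9)" action="Edit" cfgpath="system.admin" msg="Edit system.admin carol"',
]

# key=value or key="quoted value with spaces"
KV_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


def parse_kv(line: str) -> dict:
    """Split one key=value style log line into a dict of field -> value."""
    return {
        m.group(1): m.group(2) if m.group(2) is not None else m.group(3)
        for m in KV_RE.finditer(line)
    }


def is_diagnose_command(cmd: str) -> bool:
    """True when the CLI command belongs to the 'diagnose' command tree."""
    return cmd.strip().lower().startswith("diagnose")


def find_diagnose_events(lines) -> list:
    """Return one finding per CLI audit record that executed a diagnose command.

    Records without a 'cli' field (logins, config edits) are skipped.
    """
    findings = []
    for line in lines:
        rec = parse_kv(line)
        cmd = rec.get("cli")
        if cmd and is_diagnose_command(cmd):
            findings.append({
                "when": f'{rec.get("date", "?")} {rec.get("time", "?")}',
                "user": rec.get("user", "?"),
                "source": rec.get("ui", "?"),
                "command": cmd,
            })
    return findings


def summarize_by_user(findings) -> dict:
    """Count diagnose invocations per administrator account."""
    return dict(Counter(f["user"] for f in findings))


if __name__ == "__main__":
    hits = find_diagnose_events(SAMPLE_LOGS)
    for h in hits:
        print(f'[REVIEW] {h["when"]} user={h["user"]} from={h["source"]} cmd="{h["command"]}"')
    print("per-user diagnose count:", summarize_by_user(hits))
```

The rule is deliberately broad: legitimate administrators also run diagnose commands, so in practice the findings feed a review queue rather than an alert, and the per-user summary is what makes an account whose diagnose usage departs from its usual baseline stand out. Pair it with the "Restrict CLI Access" step above so that the set of accounts that can appear in these findings is as small as possible.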
