Stack-Based Buffer Overflow in Fortinet FortiVoice and Related Products
CVE-2025-32756
Key Information:
- Vendor
Fortinet
- Vendor
- CVE Published:
- 13 May 2025
Badges
What is CVE-2025-32756?
CVE-2025-32756 is a severe stack-based buffer overflow vulnerability discovered in various Fortinet products, including FortiVoice, FortiRecorder, FortiMail, FortiNDR, and FortiCamera. These products serve critical communication and security functions within organizations, offering services such as voice communication, video recording, email security, and network detection and response. The vulnerability allows remote unauthenticated attackers to execute arbitrary code or commands by sending specially crafted HTTP requests containing manipulated hash cookies. This manipulation could lead to unauthorized access or control over the affected systems, posing a notable risk to organizational integrity and data security.
Potential impact of CVE-2025-32756
-
Remote Code Execution: The vulnerability enables attackers to execute arbitrary code, which could lead to unauthorized access and complete control over the compromised system, allowing for the installation of malware or exfiltration of sensitive data.
-
Service Disruption: Exploitation of this vulnerability can lead to denial of service, impacting key communication and security services within the organization, potentially affecting business operations and customer trust.
-
Increased Risk of Data Breaches: With the capability for remote code execution, attackers could exploit the vulnerability to access sensitive information, resulting in data breaches that expose personal or proprietary information, incurring financial penalties and reputational damage for the organization.
CISA has reported CVE-2025-32756
CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitor the most dangerious vulnerabilities and have identifed CVE-2025-32756 as being exploited but is not known by the CISA to be used in ransomware campaigns. This is subject to change at pace
The CISA's recommendation is: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Affected Version(s)
FortiCamera 2.1.0 <= 2.1.3
FortiCamera 2.0.0
FortiCamera 1.1.0 <= 1.1.5
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
News Articles
CISA (.gov)CVE-2025-32756CISA Adds One Known Exploited Vulnerability to Catalog | CISA
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation
6 days ago
The Hacker NewsCVE-2025-32756Fortinet Patches CVE-2025-32756 Zero-Day RCE Flaw Exploited in FortiVoice Systems
Fortinet patched CVE-2025-32756, a zero-day flaw exploited in FortiVoice systems, risking remote code execution.
1 week ago
Help Net SecurityCVE-2025-32756Zero-day exploited to compromise Fortinet FortiVoice systems (CVE-2025-32756) - Help Net Security
Fortinet has patched a critical vulnerability (CVE-2025-32756) that has been exploited in the wild to compromise FortiVoice systems.
1 week ago
References
EPSS Score
8% chance of being exploited in the next 30 days.
CVSS V3.1
Timeline
- 🟡
Public PoC available
- 👾
Exploit known to exist
- 🦅
CISA Reported
- 📰
First article discovered by Help Net Security
Vulnerability published
Vulnerability Reserved