US EditionFortinet fixes critical zero-day exploited in FortiVoice attacks
- On May 13, 2025, Fortinet announced a serious buffer overflow flaw in the stack memory, identified as CVE-2025-32756, which impacts several of its products, including FortiVoice.
- Security researchers discovered the vulnerability after confirming active exploitation against FortiVoice systems through crafted HTTP requests by unauthenticated attackers.
- Threat actors exploited this flaw to perform network scans, erase system crash logs, enable FCGI debugging for credential harvesting, and deploy malware on compromised devices.
- The vulnerability, rated with a CVSS score of 9.6, impacts FortiVoice versions from 6.4.0 up to 6.4.10, FortiMail releases through 7.6.2, FortiNDR all 1.x versions and any 7.x editions earlier than 7.6.1, FortiRecorder versions up to 7.2.3, and FortiCamera versions up to 2.1.3. Multiple indicators of compromise have been identified, including six malicious IP addresses such as 198.105.127.124.
- Fortinet released patches immediately and advised customers to update promptly or disable HTTP/HTTPS administrative interfaces as a temporary mitigation to prevent further exploitation.
10 Articles
10 Articles
CVE-2025-32756: Zero-Day Vulnerability in Multiple Fortinet Products Exploited in the Wild
Fortinet has observed threat actors exploiting CVE-2025-32756, a critical zero-day arbitrary code execution vulnerability which affects multiple Fortinet products including FortiVoice, FortiMail, FortiNDR, FortiRecorder and FortiCamera.BackgroundOn May 13th, Fortinet published a security advisory (FG-IR-25-254) for CVE-2025-32756, a critical arbitrary code execution vulnerability affecting multiple Fortinet products.CVEDescriptionCVSSv3CVE-2025-…
Fortinet Patches CVE-2025-32756 Zero-Day RCE Flaw Exploited in FortiVoice Systems
Fortinet has patched a critical security flaw that it said has been exploited as a zero-day in attacks targeting FortiVoice enterprise phone systems. The vulnerability, tracked as CVE-2025-32756, carries a CVSS score of 9.6 out of 10.0. "A stack-based overflow vulnerability [CWE-121] in FortiVoice, FortiMail, FortiNDR, FortiRecorder, and FortiCamera may allow a remote unauthenticated attacker to
FortiVoice 0-day Vulnerability Exploited In The Wild To Execute Arbitrary Code - Cybernoz - Cybersecurity News
Fortinet has disclosed a critical stack-based buffer overflow vulnerability (CVE-2025-32756) affecting multiple products in its security portfolio, with confirmed exploitation targeting FortiVoice systems in the wild. The vulnerability, assigned a CVSS score of 9.6, allows remote unauthenticated attackers to execute arbitrary code or commands through specially crafted HTTP requests, potentially giving them complete control over affected devices.…
Coverage Details
Bias Distribution
- 100% of the sources are Center
To view factuality data please Upgrade to Premium
Ownership
To view ownership data please Upgrade to Vantage