Fortinet Patches CVE-2025-32756 Zero-Day RCE Flaw Exploited in FortiVoice Systems

Fortinet Patches CVE-2025-32756 Zero-Day RCE Flaw Exploited in FortiVoice Systems

Posted on By CWS

Might 14, 2025Ravie LakshmananVulnerability / Community Safety
Fortinet has patched a essential safety flaw that it mentioned has been exploited as a zero-day in assaults concentrating on FortiVoice enterprise cellphone techniques.
The vulnerability, tracked as CVE-2025-32756, carries a CVSS rating of 9.6 out of 10.0.
“A stack-based overflow vulnerability [CWE-121] in FortiVoice, FortiMail, FortiNDR, FortiRecorder, and FortiCamera could permit a distant unauthenticated attacker to execute arbitrary code or instructions by way of crafted HTTP requests,” the corporate mentioned in an advisory.
The corporate mentioned it noticed the flaw being exploited within the wild on FortiVoice techniques, however didn’t disclose the dimensions of the assaults and the id of the risk actors behind them.
It additional famous that the risk actor carried out machine community scans, erased system crash logs, and enabled fcgi debugging to log credentials from the system or SSH login makes an attempt.

The difficulty impacts the next merchandise and variations –

FortiCamera 1.1, 2.0 (Migrate to a set launch)
FortiCamera 2.1.x (Improve to 2.1.4 or above)
FortiMail 7.0.x (Improve to 7.0.9 or above)
FortiMail 7.2.x (Improve to 7.2.8 or above)
FortiMail 7.4.x (Improve to 7.4.5 or above)
FortiMail 7.6.x (Improve to 7.6.3 or above)
FortiNDR 1.1, 1.2, 1.3, 1.4, 1.5, 7.1 (Migrate to a set launch)
FortiNDR 7.0.x (Improve to 7.0.7 or above)
FortiNDR 7.2.x (Improve to 7.2.5 or above)
FortiNDR 7.4.x (Improve to 7.4.8 or above)
FortiNDR 7.6.x (Improve to 7.6.1 or above)
FortiRecorder 6.4.x (Improve to six.4.6 or above)
FortiRecorder 7.0.x (Improve to 7.0.6 or above)
FortiRecorder 7.2.x (Improve to 7.2.4 or above)
FortiVoice 6.4.x (Improve to six.4.11 or above)
FortiVoice 7.0.x (Improve to 7.0.7 or above)
FortiVoice 7.2.x (Improve to 7.2.1 or above)

Fortinet mentioned the vulnerability was found by its product safety crew primarily based on the risk actor exercise that originated from the beneath IP addresses –

198.105.127.124
43.228.217.173
43.228.217.82
156.236.76.90
218.187.69.244
218.187.69.59

Customers of FortiVoice, FortiMail, FortiNDR, FortiRecorder and FortiCamera are really useful to use the mandatory fixes to safe their gadgets from lively exploitation makes an attempt. If quick patching shouldn’t be an choice, it is suggested to disable the HTTP/HTTPS administrative interface as a short lived workaround.

Discovered this text fascinating? Comply with us on Twitter  and LinkedIn to learn extra unique content material we put up.

The Hacker News Tags:, , , , , , , ,

Related Posts

APT36 Targets Indian Government with Golang-Based DeskRAT Malware Campaign APT36 Targets Indian Government with Golang-Based DeskRAT Malware Campaign The Hacker News
OpenClaw Bug Enables One-Click Remote Code Execution via Malicious Link OpenClaw Bug Enables One-Click Remote Code Execution via Malicious Link The Hacker News
Microsoft Patches 67 Vulnerabilities Including WEBDAV Zero-Day Exploited in the Wild Microsoft Patches 67 Vulnerabilities Including WEBDAV Zero-Day Exploited in the Wild The Hacker News
ShadowRay 2.0 Exploits Unpatched Ray Flaw to Build Self-Spreading GPU Cryptomining Botnet ShadowRay 2.0 Exploits Unpatched Ray Flaw to Build Self-Spreading GPU Cryptomining Botnet The Hacker News
How to Use Ringfencing to Prevent the Weaponization of Trusted Software How to Use Ringfencing to Prevent the Weaponization of Trusted Software The Hacker News
Hidden Vulnerabilities of Project Management Tools & How FluentPro Backup Secures Them Hidden Vulnerabilities of Project Management Tools & How FluentPro Backup Secures Them The Hacker News