Start your free trial today.

Protect your organization with cutting-edge cybersecurity solutions designed for resilience and efficiency. Secure your digital assets with confidence.

Your Shield Against Threats

Unleash the Power of Cybersecurity

Boost Your Security, Enhance Your Business

We solve Your Cyber Challenges

Quick Links

Resources

Deepaegis Portals

Fortinet Multiple Products Stack-Based Buffer Overflow Vulnerability

CVSS SCORE:9.8

CVE ID:CVE-2025-32756

SEVERITY:High

Vendor:Fortinet

Reporter:psirt@fortinet.com

Exploitable?Yes

Summary

A stack-based buffer overflow vulnerability [CWE-121] in Fortinet FortiVoice versions 7.2.0, 7.0.0 through 7.0.6, 6.4.0 through 6.4.10, FortiRecorder versions 7.2.0 through 7.2.3, 7.0.0 through 7.0.5, 6.4.0 through 6.4.5, FortiMail versions 7.6.0 through 7.6.2, 7.4.0 through 7.4.4, 7.2.0 through 7.2.7, 7.0.0 through 7.0.8, FortiNDR versions 7.6.0, 7.4.0 through 7.4.7, 7.2.0 through 7.2.4, 7.0.0 through 7.0.6, FortiCamera versions 2.1.0 through 2.1.3, 2.0 all versions, 1.1 all versions, allows a remote unauthenticated attacker to execute arbitrary code or commands via sending HTTP requests with specially crafted hash cookie.

Impact

Fortinet FortiFone, FortiVoice, FortiNDR and FortiMail contain a stack-based overflow vulnerability that may allow a remote unauthenticated attacker to execute arbitrary code or commands via crafted HTTP requests.

Affected Products

Multiple Products

CVSS Metrics

Source: psirt@fortinet.com

version3.1

vectorStringCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

baseScore9.8

baseSeverityCRITICAL

attackVectorNETWORK

attackComplexityLOW

privilegesRequiredNONE

userInteractionNONE

scopeUNCHANGED

confidentialityImpactHIGH

integrityImpactHIGH

availabilityImpactHIGH

CWE Information

Source: psirt@fortinet.com,Type: Primary

Source: nvd@nist.gov,Type: Primary

Action Information

Action Due: 6/4/2025

Remediation: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Exploit Added Date: 5/14/2025

Patch and Mitigation Information

Patch Information

Temporary Fixes / Workarounds

No temporary fixes provided

Recommended Security Measures

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Detection Methods

No detection methods provided

Date Of Vendor Response

Not specified

Date Of Patch Release

Not specified

Additional Information

References

psirt@fortinet.com:https://fortiguard.fortinet.com/psirt/FG-IR-25-254

Affected Organizations

No affected organizations specified

Confidentiality Notice

This document contains sensitive information. Unauthorized distribution is prohibited.

Vulnerability Advisory

Published 5/13/2025

Updated 8/25/2025