Fortinet Addresses Critical CVE-2025-32756 Zero-Day RCE Vulnerability in FortiVoice Systems


Fortinet has addressed a critical security vulnerability, CVE-2025-32756, which has been exploited as a zero-day in attacks targeting FortiVoice enterprise phone systems. The vulnerability carries a CVSS score of 9.6 out of 10.0.

The issue is a stack-based buffer overflow (CWE-121) affecting several Fortinet products: FortiVoice, FortiMail, FortiNDR, FortiRecorder, and FortiCamera. It can allow a remote, unauthenticated attacker to execute arbitrary code or commands through specially crafted HTTP requests.

Fortinet has confirmed that the vulnerability has been actively exploited against FortiVoice systems, although it has not disclosed the scale of the attacks or the identities of the actors involved. The observed activity included network scans on the affected devices, deletion of system crash logs, and enabling of fcgi debugging to capture credentials during system or SSH login attempts.

The vulnerability impacts the following product versions:

– FortiCamera 1.1, 2.0 (Migrate to a fixed release)
– FortiCamera 2.1.x (Upgrade to 2.1.4 or above)
– FortiMail 7.0.x (Upgrade to 7.0.9 or above)
– FortiMail 7.2.x (Upgrade to 7.2.8 or above)
– FortiMail 7.4.x (Upgrade to 7.4.5 or above)
– FortiMail 7.6.x (Upgrade to 7.6.3 or above)
– FortiNDR 1.1, 1.2, 1.3, 1.4, 1.5, 7.1 (Migrate to a fixed release)
– FortiNDR 7.0.x (Upgrade to 7.0.7 or above)
– FortiNDR 7.2.x (Upgrade to 7.2.5 or above)
– FortiNDR 7.4.x (Upgrade to 7.4.8 or above)
– FortiNDR 7.6.x (Upgrade to 7.6.1 or above)
– FortiRecorder 6.4.x (Upgrade to 6.4.6 or above)
– FortiRecorder 7.0.x (Upgrade to 7.0.6 or above)
– FortiRecorder 7.2.x (Upgrade to 7.2.4 or above)
– FortiVoice 6.4.x (Upgrade to 6.4.11 or above)
– FortiVoice 7.0.x (Upgrade to 7.0.7 or above)
– FortiVoice 7.2.x (Upgrade to 7.2.1 or above)
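
The version list above as a triage check over a constructed device inventory. This is an added example, not Fortinet's code; the host names and the `triage` and `report` function names are assumptions. Versions are compared numerically, because a string comparison would rank 6.4.9 above 6.4.11.

```python
import re

# Fixed releases transcribed from the list above. None = no fix on that
# branch; the page says to migrate to a fixed release.
FIXED = {
    "FortiCamera": {"1.1": None, "2.0": None, "2.1": (2, 1, 4)},
    "FortiMail": {"7.0": (7, 0, 9), "7.2": (7, 2, 8), "7.4": (7, 4, 5),
                  "7.6": (7, 6, 3)},
    "FortiNDR": {"1.1": None, "1.2": None, "1.3": None, "1.4": None,
                 "1.5": None, "7.1": None, "7.0": (7, 0, 7),
                 "7.2": (7, 2, 5), "7.4": (7, 4, 8), "7.6": (7, 6, 1)},
    "FortiRecorder": {"6.4": (6, 4, 6), "7.0": (7, 0, 6), "7.2": (7, 2, 4)},
    "FortiVoice": {"6.4": (6, 4, 11), "7.0": (7, 0, 7), "7.2": (7, 2, 1)},
}

def triage(product, version):
    """Classify one device; returns (status, detail)."""
    m = re.fullmatch(r"v?(\d+)\.(\d+)(?:\.(\d+))?", version.strip())
    if product not in FIXED or not m:
        return ("unknown", "product or version string not recognised")
    branch = f"{m.group(1)}.{m.group(2)}"
    if branch not in FIXED[product]:
        return ("not-listed", f"branch {branch} is not in the list above")
    fixed = FIXED[product][branch]
    if fixed is None:
        return ("migrate", "no fix on this branch; migrate to a fixed release")
    if m.group(3) is None:
        return ("unknown", "patch level missing, cannot compare")
    # Compare as integer tuples: as strings, "6.4.9" would sort above "6.4.11".
    if tuple(int(g) for g in m.groups()) >= fixed:
        return ("patched", "at or above the fixed release")
    return ("upgrade", "upgrade to %d.%d.%d or above" % fixed)

def report(inventory):
    """Triage every (host, product, version) row, worst findings first."""
    order = {"migrate": 0, "upgrade": 1, "unknown": 2, "not-listed": 3, "patched": 4}
    rows = [(host, product, version) + triage(product, version)
            for host, product, version in inventory]
    return sorted(rows, key=lambda r: order[r[3]])

# Constructed inventory; host names are hypothetical.
INVENTORY = [
    ("pbx-01", "FortiVoice", "6.4.9"),
    ("pbx-02", "FortiVoice", "7.2.1"),
    ("mail-01", "FortiMail", "7.4.4"),
    ("ndr-01", "FortiNDR", "7.1.0"),
]

if __name__ == "__main__":
    for row in report(INVENTORY):
        print("%-8s %-11s %-7s %-8s %s" % row)
```

A `not-listed` result means only that the branch does not appear in the list above, not that the device is unaffected.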

The vulnerability was uncovered by Fortinet’s product security team, which traced the threat actor’s activity to several IP addresses, including:

– 198.105.127.124
– 43.228.217.173
– 43.228.217.82
– 156.236.76.90
– 218.187.69.244
– 218.187.69.59

Users of FortiVoice, FortiMail, FortiNDR, FortiRecorder, and FortiCamera are strongly advised to apply the relevant patches to secure their devices against ongoing exploitation attempts. Where immediate patching is impractical, disabling the HTTP/HTTPS administrative interface is recommended as an interim protective measure.