CVE-2025-32756: Fortinet Multiple Products Stack-Based Buffer Overflow Vulnerability
First published: Tue May 13 2025(Updated: )
A stack-based buffer overflow vulnerability [CWE-121] in Fortinet FortiVoice versions 7.2.0, 7.0.0 through 7.0.6, 6.4.0 through 6.4.10, FortiRecorder versions 7.2.0 through 7.2.3, 7.0.0 through 7.0.5, 6.4.0 through 6.4.5, FortiMail versions 7.6.0 through 7.6.2, 7.4.0 through 7.4.4, 7.2.0 through 7.2.7, 7.0.0 through 7.0.8, FortiNDR versions 7.6.0, 7.4.0 through 7.4.7, 7.2.0 through 7.2.4, 7.0.0 through 7.0.6, FortiCamera versions 2.1.0 through 2.1.3, 2.0 all versions, 1.1 all versions, allows a remote unauthenticated attacker to execute arbitrary code or commands via sending HTTP requests with specially crafted hash cookie.
Credit: psirt@fortinet.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Fortinet | ||
| Fortinet FortiVoice Enterprise | >=7.0.0<7.0.6>=6.4.0<6.4.10 | |
| Fortinet FortiRecorder 400D | >=7.2.0<7.2.3>=7.0.0<7.0.5>=6.4.0<6.4.5 | |
| Fortinet Fortimail-200d | >=7.6.0<7.6.2>=7.4.0<7.4.4>=7.2.0<7.2.7>=7.0.0<7.0.8 | |
| FortiNDR | >=7.4.0<7.4.7>=7.2.0<7.2.4>=7.0.0<7.0.6 | |
| Fortinet FortiCamera Firmware | >=2.1.0<2.1.3 | |
| Fortinet Fortimail-200d | >=7.0.0<7.0.9 | |
| Fortinet Fortimail-200d | >=7.2.0<7.2.8 | |
| Fortinet Fortimail-200d | >=7.4.0<7.4.5 | |
| Fortinet Fortimail-200d | >=7.6.0<7.6.3 | |
| FortiNDR | >=7.0.0<7.0.7 | |
| FortiNDR | >=7.2.0<7.2.5 | |
| FortiNDR | >=7.4.0<7.4.8 | |
| FortiNDR | =1.1.0 | |
| FortiNDR | =1.2.0 | |
| FortiNDR | =1.3.0 | |
| FortiNDR | =1.4.0 | |
| FortiNDR | =1.5.0 | |
| FortiNDR | =7.1.0 | |
| FortiNDR | =7.1.1 | |
| FortiNDR | =7.6.0 | |
| Fortinet FortiRecorder 400D | >=6.4.0<6.4.6 | |
| Fortinet FortiRecorder 400D | >=7.0.0<7.0.6 | |
| Fortinet FortiRecorder 400D | >=7.2.0<7.2.4 | |
| Fortinet FortiVoice Enterprise | >=6.4.0<6.4.11 | |
| Fortinet FortiVoice Enterprise | >=7.0.0<7.0.7 | |
| Fortinet FortiVoice Enterprise | =7.2.0 | |
| All of | ||
| Fortinet FortiCamera Firmware | >=2.0.0<2.4.0 | |
| Fortinet FortiCamera Firmware | ||
| All of | ||
| Fortinet FortiCamera Firmware | >=1.1.0<=1.1.5 | |
| Fortinet FortiCamera Firmware |
Remedy
Please upgrade to FortiVoice version 7.2.1 or above Please upgrade to FortiVoice version 7.0.7 or above Please upgrade to FortiVoice version 6.4.11 or above Please upgrade to FortiRecorder version 7.2.4 or above Please upgrade to FortiRecorder version 7.0.6 or above Please upgrade to FortiRecorder version 6.4.6 or above Please upgrade to FortiMail version 7.6.3 or above Please upgrade to FortiMail version 7.4.5 or above Please upgrade to FortiMail version 7.2.8 or above Please upgrade to FortiMail version 7.0.9 or above Please upgrade to FortiNDR version 7.6.1 or above Please upgrade to FortiNDR version 7.4.8 or above Please upgrade to FortiNDR version 7.2.5 or above Please upgrade to FortiNDR version 7.0.7 or above Please upgrade to FortiCamera version 2.1.4 or above
Remedy
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2025-32756?
CVE-2025-32756 has a critical severity due to its potential for remote code execution through a stack-based buffer overflow.
How do I fix CVE-2025-32756?
To fix CVE-2025-32756, upgrade affected Fortinet products to the latest patched versions provided by Fortinet.
Which Fortinet products are affected by CVE-2025-32756?
CVE-2025-32756 affects FortiVoice, FortiRecorder, FortiMail, and FortiNDR across specific version ranges.
What types of attacks can exploit CVE-2025-32756?
Exploitation of CVE-2025-32756 can allow an attacker to execute arbitrary code on the vulnerable system.
Is CVE-2025-32756 easy to exploit?
Yes, CVE-2025-32756 is considered relatively easy to exploit if the target system is exposed to the internet.
- collector/mitre-cve
- source/MITRE
- agent/type
- agent/first-publish-date
- agent/author
- collector/bleeping-computer
- source/BleepingComputer
- alias/CVE-2025-32756
- agent/news-ai
- zeroday/true
- exploited/true
- agent/severity
- agent/references
- agent/remedy
- agent/description
- agent/source
- agent/title
- agent/trending
- agent/event
- collector/cisa-known-exploited
- source/CISA
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- collector/nvd-cve
- source/NVD
- agent/weakness
- agent/last-modified-date
- agent/softwarecombine
- agent/tags
- agent/guess-ai
- collector/nvd-api
- vendor/fortinet
- canonical/fortinet
- canonical/fortinet fortivoice enterprise
- canonical/fortinet fortirecorder 400d
- canonical/fortinet fortimail-200d
- canonical/fortindr
- canonical/fortinet forticamera firmware
- version/fortinet fortimail-200d/7.0.0
- version/fortinet fortimail-200d/7.2.0
- version/fortinet fortimail-200d/7.4.0
- version/fortinet fortimail-200d/7.6.0
- version/fortindr/7.0.0
- version/fortindr/7.2.0
- version/fortindr/7.4.0
- version/fortindr/1.1.0
- version/fortindr/1.2.0
- version/fortindr/1.3.0
- version/fortindr/1.4.0
- version/fortindr/1.5.0
- version/fortindr/7.1.0
- version/fortindr/7.1.1
- version/fortindr/7.6.0
- version/fortinet fortirecorder 400d/6.4.0
- version/fortinet fortirecorder 400d/7.0.0
- version/fortinet fortirecorder 400d/7.2.0
- version/fortinet fortivoice enterprise/6.4.0
- version/fortinet fortivoice enterprise/7.0.0
- version/fortinet fortivoice enterprise/7.2.0
- version/fortinet forticamera firmware/2.0.0
- version/fortinet forticamera firmware/1.1.0
- version/fortinet forticamera firmware/1.1.5