Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-32756

A stack-based buffer overflow vulnerability [CWE-121] in Fortinet FortiVoice versions 7.2.0, 7.0.0 through 7.0.6, 6.4.0 through 6.4.10, FortiRecorder versions 7.2.0 through 7.2.3, 7.0.0 through 7.0.5, 6.4.0 through 6.4.5, FortiMail versions 7.6.0 through 7.6.2, 7.4.0 through 7.4.4, 7.2.0 through 7.2.7, 7.0.0 through 7.0.8, FortiNDR versions 7.6.0, 7.4.0 through 7.4.7, 7.2.0 through 7.2.4, 7.0.0 through 7.0.6, FortiCamera versions 2.1.0 through 2.1.3, 2.0 all versions, 1.1 all versions, allows a remote unauthenticated attacker to execute arbitrary code or commands via sending HTTP requests with specially crafted hash cookie.

Published

2025-05-13T15:15:57.113

Last Modified

2025-05-16T19:41:05.917

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 9.8 (CRITICAL)

Weaknesses

Type: Primary
CWE-121
Type: Primary
CWE-787

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	fortinet	fortimail	< 7.0.9	Yes
Application	fortinet	fortimail	< 7.2.8	Yes
Application	fortinet	fortimail	< 7.4.5	Yes
Application	fortinet	fortimail	< 7.6.3	Yes
Application	fortinet	fortindr	< 7.0.7	Yes
Application	fortinet	fortindr	< 7.2.5	Yes
Application	fortinet	fortindr	< 7.4.8	Yes
Application	fortinet	fortindr	1.1.0	Yes
Application	fortinet	fortindr	1.2.0	Yes
Application	fortinet	fortindr	1.3.0	Yes
Application	fortinet	fortindr	1.4.0	Yes
Application	fortinet	fortindr	1.5.0	Yes
Application	fortinet	fortindr	7.1.0	Yes
Application	fortinet	fortindr	7.1.1	Yes
Application	fortinet	fortindr	7.6.0	Yes
Application	fortinet	fortirecorder	< 6.4.6	Yes
Application	fortinet	fortirecorder	< 7.0.6	Yes
Application	fortinet	fortirecorder	< 7.2.4	Yes
Application	fortinet	fortivoice	< 6.4.11	Yes
Application	fortinet	fortivoice	< 7.0.7	Yes
Application	fortinet	fortivoice	7.2.0	Yes
Operating System	fortinet	forticamera_firmware	< 2.4.0	Yes
Hardware	fortinet	forticamera	-	No
Operating System	fortinet	forticamera_firmware	≤ 1.1.5	Yes
Hardware	fortinet	forticamera	-	No

References

https://fortiguard.fortinet.com/psirt/FG-IR-25-254 Vendor Advisory ([email protected])