Fortinet has announced a zero-day vulnerability that is currently being exploited in the wild by hackers and threat actors. It has been named CVE-2025-32756.
The following Fortinet products are being targeted:
- FortiVoice
- FortiRecorder
- FortiMail
- FortiNDR
- FortiCamera
A timely response is being urged to prevent data loss and to protect the company and its users from the harmful effects of this flaw.
What Makes CVE-2025-32756 So Dangerous?
Fortinet products handle HTTP requests containing cookies through a specific procedure. CVE-2025-32756 is a stack-based buffer overflow in that procedure, triggered by a malicious cookie. It allows unauthenticated remote hackers to execute arbitrary code just by sending a specially crafted HTTP request. As a result, the hackers can take full control of the exploited systems. They don’t need any prior access or company credentials to do so.
Furthermore, what makes this bug a severe risk is its high CVSS (Common Vulnerability Scoring System) rating. Its CVSS rating is 9.6 – quite alarming, to be fair.
What is more, this flaw is already being actively exploited. Fortinet has confirmed multiple attacks. Most of these attacks have targeted FortiVoice enterprise phone systems. In these incidents, attackers have scanned networks, deleted crash logs to erase evidence, and enabled “fcgi debugging” features to steal sensitive information such as SSH access attempts and login credentials.
Which Products are Being Affected & What are the Recommended Updates?
To combat this, Fortinet has released patches that fix this vulnerability across all affected products and versions. Organizations should act swiftly to update the following:
- FortiVoice:
  - 7.2 → update to 7.2.1 or later
  - 7.0 → 7.0.7 or later
  - 6.4 → 6.4.11 or later
- FortiRecorder:
  - 7.2 → 7.2.4+
  - 7.0 → 7.0.6+
  - 6.4 → 6.4.6+
- FortiNDR:
  - 7.6 → 7.6.1+
  - 7.4 → 7.4.8+
  - 7.2 → 7.2.5+
  - 7.0 → 7.0.7+
  - Versions 7.1 and earlier must migrate to secure releases
- FortiMail:
  - 7.6 → 7.6.3+
  - 7.4 → 7.4.5+
  - 7.2 → 7.2.8+
  - 7.0 → 7.0.9+
- FortiCamera:
  - 2.1 → 2.1.4+
  - Versions 2.0 and 1.1 require migration to patched versions
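The list above can be applied directly to a device inventory. The following Python sketch is an added example, not Fortinet tooling or code from the original article; the status labels, the accepted version-string formats and the inventory rows are assumptions made for illustration. Where a branch has a fix listed, that fix takes precedence over the "must migrate" lines.

```python
# Added example: triage an inventory against the fixed-version list on this page.
# First fixed release per branch, as listed on the page.
FIXED = {
    "FortiVoice": {(7, 2): (7, 2, 1), (7, 0): (7, 0, 7), (6, 4): (6, 4, 11)},
    "FortiRecorder": {(7, 2): (7, 2, 4), (7, 0): (7, 0, 6), (6, 4): (6, 4, 6)},
    "FortiNDR": {(7, 6): (7, 6, 1), (7, 4): (7, 4, 8),
                 (7, 2): (7, 2, 5), (7, 0): (7, 0, 7)},
    "FortiMail": {(7, 6): (7, 6, 3), (7, 4): (7, 4, 5),
                  (7, 2): (7, 2, 8), (7, 0): (7, 0, 9)},
    "FortiCamera": {(2, 1): (2, 1, 4)},
}
# Branches the page says must migrate (checked only when no fix is listed).
MIGRATE = {
    "FortiNDR": lambda b: b <= (7, 1),
    "FortiCamera": lambda b: b in {(2, 0), (1, 1)},
}

def parse(version):
    """'7.0.6' or 'v7.0.6-build0123' -> (7, 0, 6). Raises ValueError if malformed."""
    parts = tuple(int(p) for p in version.lstrip("vV").split("-")[0].split("."))
    if len(parts) != 3:
        raise ValueError(version)
    return parts

def triage(product, version):
    """Return a status string (hypothetical labels) for one device."""
    if product not in FIXED:
        return "not-listed"
    try:
        v = parse(version)
    except ValueError:
        return "unparseable"
    fixed = FIXED[product].get(v[:2])
    if fixed is not None:
        # Tuple comparison is numeric, so 6.4.9 < 6.4.11 (string compare gets this wrong).
        return "patched" if v >= fixed else "update to %d.%d.%d or later" % fixed
    if MIGRATE.get(product, lambda b: False)(v[:2]):
        return "migrate to a patched release"
    return "unknown-branch"

# Constructed sample inventory: (hostname, product, firmware version).
INVENTORY = [("pbx-01", "FortiVoice", "6.4.9"), ("mail-01", "FortiMail", "7.4.5"),
             ("ndr-01", "FortiNDR", "7.1.0"), ("cam-07", "FortiCamera", "v2.0.3")]

if __name__ == "__main__":
    for host, product, version in INVENTORY:
        print(f"{host:8} {product:13} {version:8} {triage(product, version)}")
```

Devices reported as `unknown-branch` or `unparseable` are not covered by the list on this page and should be checked against Fortinet's advisory by hand.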
How to Mitigate Risk for Unpatched Systems?
If immediate patching is not possible, Fortinet strongly recommends that you disable the HTTP and HTTPS administrative interfaces on your affected devices. Though this is only a temporary safeguard, it significantly reduces the attack surface and limits what remote hackers can do. Monitoring for suspicious activity, including missing log files, unexpected system reboots and unusual network scans, is also recommended.
Conclusion
CVE-2025-32756 is both highly severe and actively exploited. It therefore represents a serious threat to systems that are running vulnerable Fortinet products. Organizations should apply the updated security patches immediately or risk potential data loss, system compromise, and long-term breach by hackers.
We recommend that you stay updated with Fortinet’s security advisories. Maintain rigorous security practices. These will defend users against current and future vulnerabilities.