Fortinet Patches CVE-2025-32756 Zero-Day RCE Flaw Exploited in FortiVoice Systems

Fortinet has patched a critical security flaw that it said has been exploited as a zero-day in attacks targeting FortiVoice enterprise phone systems.

The vulnerability, tracked as CVE-2025-32756, carries a CVSS score of 9.6 out of 10.0.

“A stack-based overflow vulnerability [CWE-121] in FortiVoice, FortiMail, FortiNDR, FortiRecorder, and FortiCamera may allow a remote unauthenticated attacker to execute arbitrary code or commands via crafted HTTP requests,” the company said in an advisory.

The company said it observed the flaw being exploited in the wild on FortiVoice systems, but did not disclose the scale of the attacks or the identity of the threat actors behind them.

It further noted that the threat actor performed device network scans, erased system crash logs, and enabled fcgi debugging to log credentials from the system or SSH login attempts.

The issue affects the following products and versions –

FortiCamera 1.1, 2.0 (Migrate to a fixed release)
FortiCamera 2.1.x (Upgrade to 2.1.4 or above)
FortiMail 7.0.x (Upgrade to 7.0.9 or above)
FortiMail 7.2.x (Upgrade to 7.2.8 or above)
FortiMail 7.4.x (Upgrade to 7.4.5 or above)
FortiMail 7.6.x (Upgrade to 7.6.3 or above)
FortiNDR 1.1, 1.2, 1.3, 1.4, 1.5, 7.1 (Migrate to a fixed release)
FortiNDR 7.0.x (Upgrade to 7.0.7 or above)
FortiNDR 7.2.x (Upgrade to 7.2.5 or above)
FortiNDR 7.4.x (Upgrade to 7.4.8 or above)
FortiNDR 7.6.x (Upgrade to 7.6.1 or above)
FortiRecorder 6.4.x (Upgrade to 6.4.6 or above)
FortiRecorder 7.0.x (Upgrade to 7.0.6 or above)
FortiRecorder 7.2.x (Upgrade to 7.2.4 or above)
FortiVoice 6.4.x (Upgrade to 6.4.11 or above)
FortiVoice 7.0.x (Upgrade to 7.0.7 or above)
FortiVoice 7.2.x (Upgrade to 7.2.1 or above)
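
To triage a device inventory against the fixed releases listed above, the following added example (not code from the article or from Fortinet) compares versions numerically per branch. The host names and inventory entries are constructed, and a "not-listed" result only means the branch is absent from this list, not that it is unaffected.

```python
# Added example. Fixed releases transcribed from the list above;
# None marks a branch with no fixed build ("Migrate to a fixed release").
FIXED = {
    "FortiCamera": {"1.1": None, "2.0": None, "2.1": "2.1.4"},
    "FortiMail": {"7.0": "7.0.9", "7.2": "7.2.8", "7.4": "7.4.5", "7.6": "7.6.3"},
    "FortiNDR": {"1.1": None, "1.2": None, "1.3": None, "1.4": None, "1.5": None,
                 "7.1": None, "7.0": "7.0.7", "7.2": "7.2.5", "7.4": "7.4.8",
                 "7.6": "7.6.1"},
    "FortiRecorder": {"6.4": "6.4.6", "7.0": "7.0.6", "7.2": "7.2.4"},
    "FortiVoice": {"6.4": "6.4.11", "7.0": "7.0.7", "7.2": "7.2.1"},
}

def parse(version):
    """'6.4.11' -> (6, 4, 11); numeric tuples compare correctly, strings do not."""
    return tuple(int(part) for part in version.strip().split("."))

def triage(product, version):
    """Return (status, detail) for one product/version pair."""
    branches = FIXED.get(product)
    parts = parse(version)
    branch = ".".join(str(p) for p in parts[:2])
    if branches is None or branch not in branches:
        # Not in the list above: consult the vendor advisory, do not assume safe.
        return ("not-listed", f"{product} {branch} is not in the list")
    fixed = branches[branch]
    if fixed is None:
        return ("migrate", "no fixed build in this branch; migrate to a fixed release")
    if parts >= parse(fixed):
        return ("patched", f"at or above {fixed}")
    return ("upgrade", f"upgrade to {fixed} or above")

# Constructed inventory (hypothetical host names and versions).
INVENTORY = [
    ("pbx-01", "FortiVoice", "6.4.9"),   # sorts after "6.4.11" as a string, but is older
    ("pbx-02", "FortiVoice", "7.0.7"),
    ("mail-01", "FortiMail", "7.4.4"),
    ("ndr-01", "FortiNDR", "7.1.0"),
    ("cam-01", "FortiCamera", "2.1.4"),
]

def report(inventory):
    """Apply triage() to every (host, product, version) row."""
    return [(host, *triage(product, version)) for host, product, version in inventory]

if __name__ == "__main__":
    for host, status, detail in report(INVENTORY):
        print(f"{host:8} {status:10} {detail}")
```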

Fortinet said the vulnerability was discovered by its product security team based on the threat actor activity that originated from the below IP addresses –

198.105.127.124
43.228.217.173
43.228.217.82
156.236.76.90
218.187.69.244
218.187.69.59

Users of FortiVoice, FortiMail, FortiNDR, FortiRecorder and FortiCamera should apply the necessary fixes to secure their devices from active exploitation attempts. If immediate patching is not an option, it’s advised to disable the HTTP/HTTPS administrative interface as a temporary workaround.


The Hacker News
