CVE-2025-32756

CVSSv4: NA | CVSSv3: 9.8 | CVSSv2: NA | VMScore: 1000 | EPSS: 0.10736 | KEV: Exploitation Reported
Published: 13/05/2025 Updated: 16/05/2025

Vulnerability Summary

Stack-Based Buffer Overflow in Multiple Fortinet Products via HTTP Hash Cookie

A stack-based buffer overflow vulnerability exists in multiple Fortinet products across various versions. It affects FortiVoice, FortiRecorder, FortiMail, FortiNDR, and FortiCamera devices. The vulnerability, classified as CWE-121, allows a remote unauthenticated attacker to execute arbitrary code or commands by sending HTTP requests containing specially crafted hash cookies. The impacted Fortinet product versions include FortiVoice 7.2.0, 7.0.0-7.0.6, 6.4.0-6.4.10; FortiRecorder 7.2.0-7.2.3, 7.0.0-7.0.5, 6.4.0-6.4.5; FortiMail 7.6.0-7.6.2, 7.4.0-7.4.4, 7.2.0-7.2.7, 7.0.0-7.0.8; FortiNDR 7.6.0, 7.4.0-7.4.7, 7.2.0-7.2.4, 7.0.0-7.0.6; and FortiCamera 2.1.0-2.1.3, 2.0 all versions, and 1.1 all versions.

Solution

Please upgrade to FortiVoice version 7.2.1 or above
Please upgrade to FortiVoice version 7.0.7 or above
Please upgrade to FortiVoice version 6.4.11 or above
Please upgrade to FortiRecorder version 7.2.4 or above
Please upgrade to FortiRecorder version 7.0.6 or above
Please upgrade to FortiRecorder version 6.4.6 or above
Please upgrade to FortiMail version 7.6.3 or above
Please upgrade to FortiMail version 7.4.5 or above
Please upgrade to FortiMail version 7.2.8 or above
Please upgrade to FortiMail version 7.0.9 or above
Please upgrade to FortiNDR version 7.6.1 or above
Please upgrade to FortiNDR version 7.4.8 or above
Please upgrade to FortiNDR version 7.2.5 or above
Please upgrade to FortiNDR version 7.0.7 or above
Please upgrade to FortiCamera version 2.1.4 or above

Vulnerable Product

fortinet fortivoice 7.2.0

fortinet fortivoice 7.0.6

fortinet fortivoice 7.0.5

fortinet fortivoice 7.0.4

fortinet fortivoice 7.0.3

fortinet fortivoice 7.0.2

fortinet fortivoice 7.0.1

fortinet fortivoice 7.0.0

fortinet fortivoice 6.4.10

fortinet fortivoice 6.4.9

fortinet fortivoice 6.4.8

fortinet fortivoice 6.4.7

fortinet fortivoice 6.4.6

fortinet fortivoice 6.4.5

fortinet fortivoice 6.4.4

fortinet fortivoice 6.4.3

fortinet fortivoice 6.4.2

fortinet fortivoice 6.4.1

fortinet fortivoice 6.4.0

fortinet fortirecorder 7.2.3

fortinet fortirecorder 7.2.2

fortinet fortirecorder 7.2.1

fortinet fortirecorder 7.2.0

fortinet fortirecorder 7.0.5

fortinet fortirecorder 7.0.4

fortinet fortirecorder 7.0.3

fortinet fortirecorder 7.0.2

fortinet fortirecorder 7.0.1

fortinet fortirecorder 7.0.0

fortinet fortirecorder 6.4.5

fortinet fortirecorder 6.4.4

fortinet fortirecorder 6.4.3

fortinet fortirecorder 6.4.2

fortinet fortirecorder 6.4.1

fortinet fortirecorder 6.4.0

fortinet fortimail 7.6.2

fortinet fortimail 7.6.1

fortinet fortimail 7.6.0

fortinet fortimail 7.4.4

fortinet fortimail 7.4.3

fortinet fortimail 7.4.2

fortinet fortimail 7.4.1

fortinet fortimail 7.4.0

fortinet fortimail 7.2.7

fortinet fortimail 7.2.6

fortinet fortimail 7.2.5

fortinet fortimail 7.2.4

fortinet fortimail 7.2.3

fortinet fortimail 7.2.2

fortinet fortimail 7.2.1

fortinet fortimail 7.2.0

fortinet fortimail 7.0.8

fortinet fortimail 7.0.7

fortinet fortimail 7.0.6

fortinet fortimail 7.0.5

fortinet fortimail 7.0.4

fortinet fortimail 7.0.3

fortinet fortimail 7.0.2

fortinet fortimail 7.0.1

fortinet fortimail 7.0.0

fortinet forticamera 2.1.3

fortinet forticamera 2.1.2

fortinet forticamera 2.1.1

fortinet forticamera 2.1.0

fortinet forticamera 2.0.0

fortinet forticamera 1.1.5

fortinet forticamera 1.1.4

fortinet forticamera 1.1.3

fortinet forticamera 1.1.2

fortinet forticamera 1.1.1

fortinet forticamera 1.1.0

fortinet fortivoice

fortinet fortirecorder

fortinet fortimail

fortinet fortindr

fortinet forticamera

fortinet fortindr 1.1.0

fortinet fortindr 1.2.0

fortinet fortindr 1.3.0

fortinet fortindr 1.4.0

fortinet fortindr 1.5.0

fortinet fortindr 7.1.0

fortinet fortindr 7.1.1

fortinet fortindr 7.6.0

fortinet forticamera firmware

Github Repositories

Proof of Concept for CVE-2025-32756 - A critical stack-based buffer overflow vulnerability affecting multiple Fortinet products.

CVE-2025-32756: Fortinet RCE PoC. A proof-of-concept for the critical stack-based buffer overflow vulnerability (CVE-2025-32756) affecting Fortinet products. Vulnerability CVSS: 9.8 (Critical). Type: Stack-based buffer overflow in AuthHash cookie processing. Impact: Unauthenticated remote code execution. Affected Products: FortiVoice, FortiMail, FortiNDR, FortiRecorder, FortiCamer

CVE-2025-32756 — Fortinet FortiVoice Unauthenticated RCE (PoC)

CVE-2025-32756-RCE-PoC CVE-2025-32756 — Fortinet FortiVoice Unauthenticated RCE (PoC)

CVE-2025-32756-POC

Blackash-CVE-2025-32756: CVE-2025-32756 'Fortinet' RCE PoC ‼️ Description: A stack-based buffer overflow vulnerability [CWE-121] in Fortinet FortiVoice versions 7.2.0, 7.0.0 through 7.0.6, 6.4.0 through 6.4.10, FortiRecorder versions 7.2.0 through 7.2.3, 7.0.0 through 7.0.5, 6.4.0 through 6.4.5, FortiMail versions 7.6.0 through 7.6.2, 7.4.0 through 7.4.4, 7.2.0 thr

Designed for Demonstration of Deep Exploitation.

CVE-2025-32756-POC Designed for Demonstration of Deep Exploitation

CVE-2025-32756: NSE Scanning for RCE in vulnerable FortiVoice, FortiMail, FortiNDR, FortiRecorder and FortiCamera nodes

CVE-2025-32756 CVE-2025-32756: FortiVoice, FortiMail, FortiNDR, FortiRecorder and FortiCamera Vulnerability

Fortinet RCE PoC

stack-based-buffer-overflow-vulnerability: Fortinet RCE PoC. A proof-of-concept for the critical stack-based buffer overflow vulnerability affecting Fortinet products. Vulnerability CVSS: 9.8 (Critical). Type: Stack-based buffer overflow in AuthHash cookie processing. Impact: Unauthenticated remote code execution. Affected Products: FortiVoice, FortiMail, FortiNDR, FortiRecorder, F

Recent Articles

Fortinet fixes critical zero-day exploited in FortiVoice attacks
BleepingComputer • Sergiu Gatlan • 13 May 2025

Fortinet released security updates to patch a critical remote code execution vulnerability exploited as a zero-day in attacks targeting FortiVoice enterprise phone systems. The security flaw is a stack-based overflow vulnerability tracked as CVE-2025-32756 that also impacts FortiMail, FortiNDR, FortiRecorder, and FortiCamera. As the company explains in a security advisory issued on Tuesday, ...