A critical zero-day vulnerability affecting multiple Fortinet products (FortiVoice, FortiMail, FortiNDR, FortiRecorder and FortiCamera) is being actively exploited. The vulnerability, tracked as CVE-2025-32756, is a stack-based buffer overflow reachable through the devices' HTTP/HTTPS administrative interface that enables unauthenticated remote code execution. On compromised devices, attackers have been conducting network reconnaissance, erasing system logs and capturing credentials, and have deployed malicious files to maintain long-term access. Several source IP addresses have been associated with the activity. Organizations are urged to apply the security patches immediately or, where that is not yet possible, to disable the HTTP/HTTPS administrative interfaces as an interim workaround.
Source: https://cybersecuritynews.com/poc-exploit-fortinet-0-day-vulnerability/
TPRM report: https://scoringcyber.rankiteo.com/company/fortinet
"id": "for300060925",
"linkid": "fortinet",
"type": "Vulnerability",
"date": "6/2025",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"
{'affected_entities': [{'industry': 'Cybersecurity',
'name': 'Fortinet',
'type': 'Corporation'}],
'attack_vector': 'Unauthenticated Remote Code Execution',
'description': 'A new proof-of-concept (PoC) exploit for a critical zero-day '
'vulnerability affecting multiple Fortinet products raises '
'urgent concerns about the security of enterprise network '
'infrastructure.',
'impact': {'systems_affected': ['FortiVoice',
'FortiMail',
'FortiNDR',
'FortiRecorder',
'FortiCamera']},
'initial_access_broker': {'entry_point': 'AuthHash cookie parameter within '
'the /remote/hostcheck_validate '
'endpoint'},
'motivation': 'Comprehensive compromise operations',
'post_incident_analysis': {'corrective_actions': 'Apply security patches and '
'disable HTTP/HTTPS '
'administrative interfaces '
'as an interim workaround',
'root_causes': 'Improper bounds checking when '
"handling the 'enc' parameter"},
'response': {'containment_measures': 'Disable HTTP/HTTPS administrative '
'interfaces on affected devices',
'enhanced_monitoring': 'Block and monitor for connections from '
'the following IP addresses: '
'198.105.127.124, 43.228.217.173, '
'43.228.217.82, 156.236.76.90, '
'218.187.69.244, and 218.187.69.59',
'remediation_measures': 'Apply security patches to the following '
'minimum versions: FortiVoice 7.2.1+, '
'7.0.7+, or 6.4.11+; FortiMail 7.6.3+, '
'7.4.5+, 7.2.8+, or 7.0.9+; FortiNDR '
'7.6.1+, 7.4.8+, 7.2.5+, or 7.0.7+; '
'FortiRecorder 7.2.4+, 7.0.6+, or '
'6.4.6+; and FortiCamera 2.1.4+'},
'title': 'Critical Zero-Day Vulnerability in Fortinet Products '
'(CVE-2025-32756)',
'type': 'Zero-Day Vulnerability',
'vulnerability_exploited': 'CVE-2025-32756'}
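The record above gives a responder what is needed for two immediate checks: whether a device's running firmware meets the fixed minimum for its release branch, and whether web-access logs show requests to the AuthHash cookie entry point with an oversized 'enc' value or traffic from the listed addresses. The following Python is an added example written for this page, not code from Fortinet or from the cited article; the access-log layout, the AuthHash=enc=<value> cookie structure and the 256-character length threshold are assumptions made for the example, and the sample log lines are constructed.

```python
"""Triage helpers for CVE-2025-32756 built from the record above.

Constructed example (not Fortinet's or the source article's code). Two checks:
  1. is_patched(): compare a device's running firmware version against the
     minimum fixed versions listed in the record, branch by branch.
  2. scan_access_log(): flag web-access log lines that hit the vulnerable
     /remote/hostcheck_validate endpoint with an oversized 'enc' value in the
     AuthHash cookie, or that originate from the listed indicator IPs.
The log line layout, the 'AuthHash=enc=<value>' cookie structure and the
length threshold are assumptions for the example, not details from the record.
"""
import re
from typing import List, Optional, Tuple

# Minimum fixed versions per product, one entry per release branch (from the record).
FIXED_VERSIONS = {
    "FortiVoice":    ["7.2.1", "7.0.7", "6.4.11"],
    "FortiMail":     ["7.6.3", "7.4.5", "7.2.8", "7.0.9"],
    "FortiNDR":      ["7.6.1", "7.4.8", "7.2.5", "7.0.7"],
    "FortiRecorder": ["7.2.4", "7.0.6", "6.4.6"],
    "FortiCamera":   ["2.1.4"],
}

# Source IPs the record associates with the exploitation activity.
IOC_IPS = {
    "198.105.127.124", "43.228.217.173", "43.228.217.82",
    "156.236.76.90", "218.187.69.244", "218.187.69.59",
}

VULN_PATH = "/remote/hostcheck_validate"
ENC_LEN_THRESHOLD = 256  # assumed heuristic; the real buffer size is not in the record


def _parse_version(v: str) -> Tuple[int, ...]:
    """'7.2.1' -> (7, 2, 1); '7.2' -> (7, 2, 0); tolerates trailing build suffixes."""
    m = re.match(r"\s*(\d+)\.(\d+)(?:\.(\d+))?", v)
    if not m:
        raise ValueError(f"unrecognised version string: {v!r}")
    return tuple(int(p) for p in m.groups(default="0"))


def is_patched(product: str, version: str) -> Optional[bool]:
    """True if the running version meets the fixed minimum on its major.minor
    branch, False if it is below it, None if the record lists no fix for that
    product or branch (treat None as 'needs manual review', not as safe)."""
    if product not in FIXED_VERSIONS:
        return None
    running = _parse_version(version)
    for fixed in FIXED_VERSIONS[product]:
        minimum = _parse_version(fixed)
        if running[:2] == minimum[:2]:  # same release branch
            return running >= minimum
    return None


# Assumed access-log layout: combined log format with the Cookie header
# appended as a final quoted field.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<cookie>[^"]*)"$'
)
# AuthHash cookie carrying enc=<value> (layout assumed for the example).
ENC_RE = re.compile(r"AuthHash=[^;]*?\benc=(?P<enc>[^&;\s]*)")


def scan_access_log(lines: List[str]) -> List[Tuple[str, str, str]]:
    """Return (reason, source_ip, path) for each suspicious line.

    reason is 'ioc_ip' for any request from a listed indicator address and
    'oversized_enc' for a hostcheck_validate request whose enc value exceeds
    ENC_LEN_THRESHOLD. One line can produce both findings."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # unparseable line; a real tool would record it
        ip, path, cookie = m["ip"], m["path"], m["cookie"]
        if ip in IOC_IPS:
            findings.append(("ioc_ip", ip, path))
        if path.split("?", 1)[0] == VULN_PATH:
            enc = ENC_RE.search(cookie)
            if enc and len(enc["enc"]) > ENC_LEN_THRESHOLD:
                findings.append(("oversized_enc", ip, path))
    return findings


# Constructed sample log lines (not real traffic).
SAMPLE_LOG = [
    # ordinary request with a short AuthHash from an internal host
    '10.0.0.5 - - [12/May/2025:09:01:02 +0000] "POST /remote/hostcheck_validate HTTP/1.1" '
    '200 512 "AuthHash=enc=' + "a1" * 16 + '"',
    # oversized enc value from an unlisted external host (simulated exploit attempt)
    '203.0.113.9 - - [12/May/2025:09:02:10 +0000] "POST /remote/hostcheck_validate HTTP/1.1" '
    '500 0 "AuthHash=enc=' + "41" * 400 + '"',
    # request from a listed indicator IP to an unrelated path
    '198.105.127.124 - - [12/May/2025:09:03:33 +0000] "GET /admin/ HTTP/1.1" 302 0 "-"',
]

if __name__ == "__main__":
    for product, version in [("FortiMail", "7.4.2"), ("FortiMail", "7.4.5"),
                             ("FortiVoice", "7.4.0"), ("FortiCamera", "2.1.4")]:
        print(f"{product} {version}: patched={is_patched(product, version)}")
    for finding in scan_access_log(SAMPLE_LOG):
        print("ALERT", *finding)
```

Because the record notes that attackers erased system logs on compromised devices, run the log scan against copies shipped to an external syslog or SIEM collector rather than only against logs still on the appliance. A None result from is_patched means the record lists no fixed version for that product or branch; treat it as a prompt to consult the vendor advisory, not as a clean result.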