Fortinet has patched a critical vulnerability (CVE-2025-32756) that has been exploited in the wild to compromise FortiVoice phone / conferencing systems. The vulnerability is a stack-based overflow that can lead to remote code and command execution by unauthenticated attackers. Attackers have used it to scan the device network, erase system crashlogs, enable the “fcgi debugging” setting to log credentials from the system or SSH login attempts, and drop malware. The vulnerability also affects FortiMail, FortiNDR, FortiRecorder, and FortiCamera, but the attackers have only used it to target FortiVoice installations. Users are advised to upgrade to the fixed releases of the affected products.
TPRM report: https://www.rankiteo.com/company/fortinet
{
  "id": "for548051425",
  "linkid": "fortinet",
  "type": "Vulnerability",
  "date": "5/2025",
  "severity": "25",
  "impact": "1",
  "explanation": "Attack without any consequences"
}
{'affected_entities': [{'industry': 'Cybersecurity',
'name': 'Fortinet',
'type': 'Technology Company'}],
'attack_vector': 'Remote Code Execution',
'description': 'Fortinet has patched a critical vulnerability '
'(CVE-2025-32756) that has been exploited in the wild to '
'compromise FortiVoice phone / conferencing systems. The '
'vulnerability is a stack-based overflow that can lead to '
'remote code and command execution by unauthenticated '
'attackers. Attackers have used it to perform scans of the '
'device network, erase system crashlogs, enable “fcgi '
'debugging” setting to log credentials from the system or SSH '
'login attempts, and drop malware. The vulnerability also '
'affects FortiMail, FortiNDR, FortiRecorder, and FortiCamera, '
'but the attackers have only used it to target FortiVoice '
'installations. Users are advised to upgrade to fixed releases '
'for the affected solutions.',
'impact': {'systems_affected': ['FortiVoice',
'FortiMail',
'FortiNDR',
'FortiRecorder',
'FortiCamera']},
'initial_access_broker': {'entry_point': 'Unauthenticated attackers '
'exploiting the vulnerability'},
'motivation': ['Scanning device network',
'Erasing system crashlogs',
"Enabling 'fcgi debugging' setting to log credentials",
'Dropping malware'],
'post_incident_analysis': {'root_causes': 'Stack-based overflow '
'vulnerability'},
'recommendations': 'Users are advised to upgrade to fixed releases for the '
'affected solutions.',
'response': {'remediation_measures': 'Users are advised to upgrade to fixed '
'releases for the affected solutions.'},
'title': 'Fortinet Critical Vulnerability Exploitation',
'type': 'Vulnerability Exploitation',
'vulnerability_exploited': 'CVE-2025-32756'}