TROYANOSYVIRUS
Zuruck zu CVEs

CVE-2025-32756

CRITICALCISA KEV
9.8

Beschreibung

A stack-based buffer overflow vulnerability [CWE-121] vulnerability in Fortinet FortiCamera 2.1.0 through 2.1.3, FortiCamera 2.0 all versions, FortiCamera 1.1 all versions, FortiMail 7.6.0 through 7.6.2, FortiMail 7.4.0 through 7.4.4, FortiMail 7.2.0 through 7.2.7, FortiMail 7.0.0 through 7.0.8, FortiNDR 7.6.0, FortiNDR 7.4.0 through 7.4.7, FortiNDR 7.2.0 through 7.2.4, FortiNDR 7.0.0 through 7.0.6, FortiRecorder 7.2.0 through 7.2.3, FortiRecorder 7.0.0 through 7.0.5, FortiRecorder 6.4.0 through 6.4.5, FortiVoice 7.2.0, FortiVoice 7.0.0 through 7.0.6, FortiVoice 6.4.0 through 6.4.10 allows a remote unauthenticated attacker to execute arbitrary code or commands via sending HTTP requests with specially crafted hash cookie.

CVE Details

CVSS v3.1 Bewertung9.8
SchweregradCRITICAL
CVSS VektorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AngriffsvektorNETWORK
KomplexitatLOW
Erforderliche PrivilegienNONE
BenutzerinteraktionNONE
Veroffentlicht5/13/2025
Zuletzt geandert1/14/2026
Quellekev
Honeypot-Sichtungen0

CISA KEV

HerstellerFortinet
ProduktMultiple Products
SchwachstellennameFortinet Multiple Products Stack-Based Buffer Overflow Vulnerability
KEV Aufnahmedatum2025-05-14
Behebungsfrist2025-06-04
Ransomware-NutzungUnknown

Betroffene Produkte

fortinet:forticamerafortinet:forticamera_firmwarefortinet:fortimailfortinet:fortindrfortinet:fortirecorderfortinet:fortivoice

Schwachen (CWE)

CWE-121CWE-787

Referenzen

https://fortiguard.fortinet.com/psirt/FG-IR-25-254(psirt@fortinet.com)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-32756(134c704f-9b21-4f2e-91b3-4a467353bcc0)

IOC Korrelationen

Keine Korrelationen erfasst

This product uses data from the NVD API but is not endorsed or certified by the NVD.