CVE-2025-32756

CRITICALCISA KEV

9.8

Description

A stack-based buffer overflow vulnerability [CWE-121] vulnerability in Fortinet FortiCamera 2.1.0 through 2.1.3, FortiCamera 2.0 all versions, FortiCamera 1.1 all versions, FortiMail 7.6.0 through 7.6.2, FortiMail 7.4.0 through 7.4.4, FortiMail 7.2.0 through 7.2.7, FortiMail 7.0.0 through 7.0.8, FortiNDR 7.6.0, FortiNDR 7.4.0 through 7.4.7, FortiNDR 7.2.0 through 7.2.4, FortiNDR 7.0.0 through 7.0.6, FortiRecorder 7.2.0 through 7.2.3, FortiRecorder 7.0.0 through 7.0.5, FortiRecorder 6.4.0 through 6.4.5, FortiVoice 7.2.0, FortiVoice 7.0.0 through 7.0.6, FortiVoice 6.4.0 through 6.4.10 allows a remote unauthenticated attacker to execute arbitrary code or commands via sending HTTP requests with specially crafted hash cookie.

CVE Details

CVSS v3.1 Score9.8

SeverityCRITICAL

CVSS VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack VectorNETWORK

ComplexityLOW

Privileges RequiredNONE

User InteractionNONE

Published5/13/2025

Last Modified1/14/2026

Sourcekev

Honeypot Sightings0

CISA KEV

VendorFortinet

ProductMultiple Products

Vulnerability NameFortinet Multiple Products Stack-Based Buffer Overflow Vulnerability

KEV Date Added2025-05-14

Remediation Due Date2025-06-04

Ransomware UseUnknown

Affected Products

fortinet:forticamerafortinet:forticamera_firmwarefortinet:fortimailfortinet:fortindrfortinet:fortirecorderfortinet:fortivoice

Weaknesses (CWE)

CWE-121CWE-787

References

https://fortiguard.fortinet.com/psirt/FG-IR-25-254(psirt@fortinet.com)

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-32756(134c704f-9b21-4f2e-91b3-4a467353bcc0)

IOC Correlations

No correlations recorded

This product uses data from the NVD API but is not endorsed or certified by the NVD.