Fortinet has released patches for a critical zero-day vulnerability (CVE-2025-32756) affecting multiple security products, which has been actively exploited in the wild. The flaw allows remote attackers to execute arbitrary code through crafted HTTP requests, posing significant security risks.
Affected: FortiVoice, FortiMail, FortiNDR, FortiRecorder, FortiCamera.
Key points
- Fortinet patched a critical zero-day vulnerability (CVE-2025-32756) actively exploited in attacks.
- The flaw is a stack-based overflow (CWE-121) that can allow remote, unauthenticated execution of arbitrary code.
- Targeted products include FortiVoice, FortiMail, FortiNDR, FortiRecorder, and FortiCamera, with specific versions requiring updates.
- Attackers scanned the device network, erased crash logs, and logged credentials through enabled debugging features.
- Fortinet identified threat activity originating from several IP addresses and did not disclose the attack scale or threat actors.
- Users are advised to apply security patches immediately or temporarily disable HTTP/HTTPS interfaces to mitigate risk.
- The vulnerability was discovered by Fortinet's security team based on active exploitation in the wild.
Read More: https://thehackernews.com/2025/05/fortinet-patches-cve-2025-32756-zero.html