Fortinet has released security patches addressing a dozen vulnerabilities across its product range, including a critical zero-day actively exploited against FortiVoice devices. The vulnerabilities could allow remote code execution and authentication bypass, posing significant risks to affected systems.
Affected: FortiVoice, Fortinet products (FortiMail, FortiNDR, FortiRecorder, FortiCamera), FortiOS, FortiProxy, FortiSwitchManager, FortiClient, FortiManager, FortiPortal
Key points
- The zero-day bug CVE-2025-32756 enables unauthenticated remote code execution on FortiVoice devices.
- Attackers have exploited this vulnerability in the wild, targeting device networks and logging credentials.
- Fortinet released patches for multiple products, including FortiMail, FortiNDR, FortiRecorder, and FortiCamera, to fix the flaws.
- A critical flaw in FortiOS, FortiProxy, and FortiSwitchManager could allow TACACS+ authentication bypass.
- Customers are urged to apply patches promptly and follow advisories to safeguard their systems.
Read More: https://www.securityweek.com/fortinet-patches-zero-day-exploited-against-fortivoice-appliances/