CVE-2025-32756

A stack-based buffer overflow vulnerability [CWE-121] in Fortinet FortiVoice versions 7.2.0, 7.0.0 through 7.0.6, 6.4.0 through 6.4.10, FortiRecorder versions 7.2.0 through 7.2.3, 7.0.0 through 7.0.5, 6.4.0 through 6.4.5, FortiMail versions 7.6.0 through 7.6.2, 7.4.0 through 7.4.4, 7.2.0 through 7.2.7, 7.0.0 through 7.0.8, FortiNDR versions 7.6.0, 7.4.0 through 7.4.7, 7.2.0 through 7.2.4, 7.0.0 through 7.0.6, FortiCamera versions 2.1.0 through 2.1.3, 2.0 all versions, 1.1 all versions, allows a remote unauthenticated attacker to execute arbitrary code or commands via sending HTTP requests with specially crafted hash cookie.

Published: May 13, 2025
Updated: May 17, 2025
CVE: CVE-2025-32756
Severity: Critical
Exploit:

CVSS v3:

Severity: Critical
Score: 9.8
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWEs:

Affected Software
References

Software	From	Fixed in
fortinet / fortindr	7.1.0	7.1.0.x
fortinet / fortimail	7.0.0	7.0.9
fortinet / fortimail	7.2.0	7.2.8
fortinet / fortimail	7.4.0	7.4.5
fortinet / fortimail	7.6.0	7.6.3
fortinet / fortindr	7.0.0	7.0.7
fortinet / fortirecorder	7.2.0	7.2.4
fortinet / fortirecorder	7.0.0	7.0.6
fortinet / fortirecorder	6.4.0	6.4.6
fortinet / fortindr	7.6.0	7.6.0.x
fortinet / fortindr	7.4.0	7.4.8
fortinet / fortindr	7.2.0	7.2.5
fortinet / fortindr	7.1.1	7.1.1.x
fortinet / fortindr	1.5.0	1.5.0.x
fortinet / fortindr	1.4.0	1.4.0.x
fortinet / fortindr	1.3.0	1.3.0.x
fortinet / fortindr	1.2.0	1.2.0.x
fortinet / fortindr	1.1.0	1.1.0.x
fortinet / fortivoice	7.0.0	7.0.7
fortinet / fortivoice	6.4.0	6.4.11
fortinet / fortivoice	7.2.0	7.2.0.x
fortinet / forticamera_firmware	2.0.0	2.4.0
fortinet / forticamera_firmware	1.1.0	1.1.5.x

https://fortiguard.fortinet.com/psirt/FG-IR-25-254

Vulnerability Database

289,784

CVE-2025-32756