FKIE_CVE-2025-32756

Vulnerability from fkie_nvd - Published: 2025-05-13 15:15 - Updated: 2025-10-24 12:53
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
A stack-based buffer overflow vulnerability [CWE-121] in Fortinet FortiVoice versions 7.2.0, 7.0.0 through 7.0.6, 6.4.0 through 6.4.10, FortiRecorder versions 7.2.0 through 7.2.3, 7.0.0 through 7.0.5, 6.4.0 through 6.4.5, FortiMail versions 7.6.0 through 7.6.2, 7.4.0 through 7.4.4, 7.2.0 through 7.2.7, 7.0.0 through 7.0.8, FortiNDR versions 7.6.0, 7.4.0 through 7.4.7, 7.2.0 through 7.2.4, 7.0.0 through 7.0.6, FortiCamera versions 2.1.0 through 2.1.3, 2.0 all versions, 1.1 all versions, allows a remote unauthenticated attacker to execute arbitrary code or commands via sending HTTP requests with specially crafted hash cookie.
References
psirt@fortinet.comhttps://fortiguard.fortinet.com/psirt/FG-IR-25-254Vendor Advisory
134c704f-9b21-4f2e-91b3-4a467353bcc0https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-32756US Government Resource
Impacted products
Vendor Product Version
fortinet fortimail *
fortinet fortimail *
fortinet fortimail *
fortinet fortimail *
fortinet fortindr *
fortinet fortindr *
fortinet fortindr *
fortinet fortindr 1.1.0
fortinet fortindr 1.2.0
fortinet fortindr 1.3.0
fortinet fortindr 1.4.0
fortinet fortindr 1.5.0
fortinet fortindr 7.1.0
fortinet fortindr 7.1.1
fortinet fortindr 7.6.0
fortinet fortirecorder *
fortinet fortirecorder *
fortinet fortirecorder *
fortinet fortivoice *
fortinet fortivoice *
fortinet fortivoice 7.2.0
fortinet forticamera_firmware *
fortinet forticamera -
fortinet forticamera_firmware *
fortinet forticamera -
To clipboard 

{
  "cisaActionDue": "2025-06-04",
  "cisaExploitAdd": "2025-05-14",
  "cisaRequiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
  "cisaVulnerabilityName": "Fortinet Multiple Products Stack-Based Buffer Overflow Vulnerability",
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:fortinet:fortimail:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F05ACB93-42BC-43CD-845F-35FA9FE1D92D",
              "versionEndExcluding": "7.0.9",
              "versionStartIncluding": "7.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fortinet:fortimail:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8395970D-F937-4D1C-9FE1-90348F33FA94",
              "versionEndExcluding": "7.2.8",
              "versionStartIncluding": "7.2.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fortinet:fortimail:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3A40DE6A-D852-4B7E-BA67-B5DBBB3D427C",
              "versionEndExcluding": "7.4.5",
              "versionStartIncluding": "7.4.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fortinet:fortimail:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F2F1655C-A21F-4FD3-875C-4E1DD8A7E178",
              "versionEndExcluding": "7.6.3",
              "versionStartIncluding": "7.6.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fortinet:fortindr:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "039768AE-7C53-48E2-ADEE-77AE304B3D36",
              "versionEndExcluding": "7.0.7",
              "versionStartIncluding": "7.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fortinet:fortindr:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "25383BFB-4CBE-4577-8AB7-4259D03B5B6F",
              "versionEndExcluding": "7.2.5",
              "versionStartIncluding": "7.2.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fortinet:fortindr:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "68F2B9B7-29FE-4CDD-8638-33CA947AB466",
              "versionEndExcluding": "7.4.8",
              "versionStartIncluding": "7.4.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fortinet:fortindr:1.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0A64D6DA-FC2D-4411-9ADF-7103C0EA652E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fortinet:fortindr:1.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "90B58E2B-7304-49FB-9454-ED9FFBCEE697",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fortinet:fortindr:1.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9C0A1B68-65DC-4267-939A-216758809DC5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fortinet:fortindr:1.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EF813322-7AF8-4F9C-82D9-DBEF8888B97B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fortinet:fortindr:1.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "86DD4A5F-260B-446D-8891-069A34D31760",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fortinet:fortindr:7.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "888692FD-3219-49D3-898C-F4EA84CCC6CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fortinet:fortindr:7.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "874D4928-620B-42FE-8B19-C4314C46739A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fortinet:fortindr:7.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9A1D8AE9-D9F9-402C-B8EB-58189200E0D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fortinet:fortirecorder:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A54116E5-DAA0-4D49-A2EE-FA9F9DF0D003",
              "versionEndExcluding": "6.4.6",
              "versionStartIncluding": "6.4.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fortinet:fortirecorder:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "EF6B0F6E-6044-4F62-8AB5-A832A0554B9F",
              "versionEndExcluding": "7.0.6",
              "versionStartIncluding": "7.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fortinet:fortirecorder:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "55A5E420-BCAF-4399-9223-A4398760CD87",
              "versionEndExcluding": "7.2.4",
              "versionStartIncluding": "7.2.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fortinet:fortivoice:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "408D5EE5-B951-4022-A4DF-0295A04899E5",
              "versionEndExcluding": "6.4.11",
              "versionStartIncluding": "6.4.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fortinet:fortivoice:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "58472BB4-2426-44B5-8D17-9C984EA567EB",
              "versionEndExcluding": "7.0.7",
              "versionStartIncluding": "7.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fortinet:fortivoice:7.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "76B48D4B-338A-4CEB-8712-6D880FF0F034",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fortinet:forticamera_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6DBA20DC-B0EE-4FB7-9607-99EDFC4AA459",
              "versionEndIncluding": "2.1.3",
              "versionStartIncluding": "2.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:fortinet:forticamera:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "CFB863FD-5593-4620-8740-4EB692EA58E1",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fortinet:forticamera_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A5FD90AB-29F2-40F1-8591-D046850906F7",
              "versionEndIncluding": "1.1.5",
              "versionStartIncluding": "1.1.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:fortinet:forticamera:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "CFB863FD-5593-4620-8740-4EB692EA58E1",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A stack-based buffer overflow vulnerability [CWE-121] in Fortinet FortiVoice versions 7.2.0, 7.0.0 through 7.0.6, 6.4.0 through 6.4.10, FortiRecorder versions 7.2.0 through 7.2.3, 7.0.0 through 7.0.5, 6.4.0 through 6.4.5, FortiMail versions 7.6.0 through 7.6.2, 7.4.0 through 7.4.4, 7.2.0 through 7.2.7, 7.0.0 through 7.0.8, FortiNDR versions 7.6.0, 7.4.0 through 7.4.7, 7.2.0 through 7.2.4, 7.0.0 through 7.0.6, FortiCamera versions 2.1.0 through 2.1.3, 2.0 all versions, 1.1 all versions, allows a remote unauthenticated attacker to execute arbitrary code or commands via sending HTTP requests with specially crafted hash cookie."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad de desbordamiento de b\u00fafer basada en pila [CWE-121] en Fortinet FortiVoice versiones 7.2.0, 7.0.0 a 7.0.6, 6.4.0 a 6.4.10, FortiRecorder versiones 7.2.0 a 7.2.3, 7.0.0 a 7.0.5, 6.4.0 a 6.4.5, FortiMail versiones 7.6.0 a 7.6.2, 7.4.0 a 7.4.4, 7.2.0 a 7.2.7, 7.0.0 a 7.0.8, FortiNDR versiones 7.6.0, 7.4.0 a 7.4.7, 7.2.0 a 7.2.4, 7.0.0 a 7.0.6, FortiCamera versiones 2.1.0 a 2.1.1, 2.1.2 a 2.1.3, 2.1.4 a 2.1.5, 2.1.6 a 2.1.7, 2.1.8 a 2.1.9, 2.1.1 a 2.1.19, 2.1.9 a 2.1.19, 2.1.1 a 2.1.29, 2.1.3 a 2.1.49, 2.1.4 a 2.1.59, 2.1.6 a 2.1.79, 2.1.8 a 2.1.89, 2.1.9 a 2.1.99, 2.1.9 a 2.1.19, 2.1.9 a 2.1.2 ... 2.1.3, 2.0 todas las versiones, 1.1 todas las versiones, permite a un atacante remoto no autenticado ejecutar c\u00f3digo o comandos arbitrarios mediante el env\u00edo de solicitudes HTTP con cookies hash especialmente manipuladas."
    }
  ],
  "id": "CVE-2025-32756",
  "lastModified": "2025-10-24T12:53:20.003",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "psirt@fortinet.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2025-05-13T15:15:57.113",
  "references": [
    {
      "source": "psirt@fortinet.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://fortiguard.fortinet.com/psirt/FG-IR-25-254"
    },
    {
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "tags": [
        "US Government Resource"
      ],
      "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-32756"
    }
  ],
  "sourceIdentifier": "psirt@fortinet.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-121"
        }
      ],
      "source": "psirt@fortinet.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-787"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.