CVE-2025-32756 - Vulnerability Details

A stack-based buffer overflow vulnerability [CWE-121] vulnerability in Fortinet FortiCamera 2.1.0 through 2.1.3, FortiCamera 2.0 all versions, FortiCamera 1.1 all versions, FortiMail 7.6.0 through 7.6.2, FortiMail 7.4.0 through 7.4.4, FortiMail 7.2.0 through 7.2.7, FortiMail 7.0.0 through 7.0.8, FortiNDR 7.6.0, FortiNDR 7.4.0 through 7.4.7, FortiNDR 7.2.0 through 7.2.4, FortiNDR 7.0.0 through 7.0.6, FortiRecorder 7.2.0 through 7.2.3, FortiRecorder 7.0.0 through 7.0.5, FortiRecorder 6.4.0 through 6.4.5, FortiVoice 7.2.0, FortiVoice 7.0.0 through 7.0.6, FortiVoice 6.4.0 through 6.4.10 allows a remote unauthenticated attacker to execute arbitrary code or commands via sending HTTP requests with specially crafted hash cookie.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is in the KEV database since May 14, 2025.

The EPSS score is 0.25651.

Exploitation active

Automatable yes

Technical Impact total

Vendors	Products
Fortinet Subscribe	Forticamera Subscribe Forticamera Firmware Subscribe Fortimail Subscribe Fortindr Subscribe Fortirecorder Subscribe Fortivoice Subscribe

Configuration 1 [-]

OR	cpe:2.3:a:fortinet:fortimail::::::::
	cpe:2.3:a:fortinet:fortimail::::::::
	cpe:2.3:a:fortinet:fortimail::::::::
	cpe:2.3:a:fortinet:fortimail::::::::
	cpe:2.3:a:fortinet:fortindr::::::::
	cpe:2.3:a:fortinet:fortindr::::::::
	cpe:2.3:a:fortinet:fortindr::::::::
	cpe:2.3:a:fortinet:fortindr:1.1.0:::::::*
	cpe:2.3:a:fortinet:fortindr:1.2.0:::::::*
	cpe:2.3:a:fortinet:fortindr:1.3.0:::::::*
	cpe:2.3:a:fortinet:fortindr:1.4.0:::::::*
	cpe:2.3:a:fortinet:fortindr:1.5.0:::::::*
	cpe:2.3:a:fortinet:fortindr:7.1.0:::::::*
	cpe:2.3:a:fortinet:fortindr:7.1.1:::::::*
	cpe:2.3:a:fortinet:fortindr:7.6.0:::::::*
	cpe:2.3:a:fortinet:fortirecorder::::::::
	cpe:2.3:a:fortinet:fortirecorder::::::::
	cpe:2.3:a:fortinet:fortirecorder::::::::
	cpe:2.3:a:fortinet:fortivoice::::::::
	cpe:2.3:a:fortinet:fortivoice::::::::
	cpe:2.3:a:fortinet:fortivoice:7.2.0:::::::*

Configuration 2 [-]

AND

cpe:2.3:o:fortinet:forticamera_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:fortinet:forticamera:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:fortinet:forticamera_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:fortinet:forticamera:-:*:*:*:*:*:*:*

No data.

Advisories

No advisories yet.

Fixes

Solution

Upgrade to FortiNDR version 7.6.1 or above Upgrade to FortiNDR version 7.4.8 or above Upgrade to FortiNDR version 7.2.5 or above Upgrade to FortiNDR version 7.0.7 or above Upgrade to FortiCamera version 2.1.4 or above Upgrade to FortiRecorder version 7.2.4 or above Upgrade to FortiRecorder version 7.0.6 or above Upgrade to FortiRecorder version 6.4.6 or above Upgrade to FortiVoice version 7.2.1 or above Upgrade to FortiVoice version 7.0.7 or above Upgrade to FortiVoice version 6.4.11 or above Upgrade to FortiMail version 7.6.3 or above Upgrade to FortiMail version 7.4.5 or above Upgrade to FortiMail version 7.2.8 or above Upgrade to FortiMail version 7.0.9 or above

Workaround

No workaround given by the vendor.

References

Link	Providers
https://fortiguard.fortinet.com/psirt/FG-IR-25-254
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-32756

History

Wed, 14 Jan 2026 13:00:00 +0000

Type	Values Removed	Values Added
Description	A stack-based buffer overflow vulnerability [CWE-121] in Fortinet FortiVoice versions 7.2.0, 7.0.0 through 7.0.6, 6.4.0 through 6.4.10, FortiRecorder versions 7.2.0 through 7.2.3, 7.0.0 through 7.0.5, 6.4.0 through 6.4.5, FortiMail versions 7.6.0 through 7.6.2, 7.4.0 through 7.4.4, 7.2.0 through 7.2.7, 7.0.0 through 7.0.8, FortiNDR versions 7.6.0, 7.4.0 through 7.4.7, 7.2.0 through 7.2.4, 7.0.0 through 7.0.6, FortiCamera versions 2.1.0 through 2.1.3, 2.0 all versions, 1.1 all versions, allows a remote unauthenticated attacker to execute arbitrary code or commands via sending HTTP requests with specially crafted hash cookie.	A stack-based buffer overflow vulnerability [CWE-121] vulnerability in Fortinet FortiCamera 2.1.0 through 2.1.3, FortiCamera 2.0 all versions, FortiCamera 1.1 all versions, FortiMail 7.6.0 through 7.6.2, FortiMail 7.4.0 through 7.4.4, FortiMail 7.2.0 through 7.2.7, FortiMail 7.0.0 through 7.0.8, FortiNDR 7.6.0, FortiNDR 7.4.0 through 7.4.7, FortiNDR 7.2.0 through 7.2.4, FortiNDR 7.0.0 through 7.0.6, FortiRecorder 7.2.0 through 7.2.3, FortiRecorder 7.0.0 through 7.0.5, FortiRecorder 6.4.0 through 6.4.5, FortiVoice 7.2.0, FortiVoice 7.0.0 through 7.0.6, FortiVoice 6.4.0 through 6.4.10 allows a remote unauthenticated attacker to execute arbitrary code or commands via sending HTTP requests with specially crafted hash cookie.
CPEs		cpe:2.3:a:fortinet:fortindr:1.3.1:::::::* cpe:2.3:a:fortinet:fortindr:1.5.1:::::::* cpe:2.3:a:fortinet:fortindr:1.5.2:::::::* cpe:2.3:a:fortinet:fortindr:1.5.3:::::::* cpe:2.3:a:fortinet:fortindr:7.0.0:::::::* cpe:2.3:a:fortinet:fortindr:7.0.1:::::::* cpe:2.3:a:fortinet:fortindr:7.0.2:::::::* cpe:2.3:a:fortinet:fortindr:7.0.3:::::::* cpe:2.3:a:fortinet:fortindr:7.0.4:::::::* cpe:2.3:a:fortinet:fortindr:7.0.5:::::::* cpe:2.3:a:fortinet:fortindr:7.0.6:::::::* cpe:2.3:a:fortinet:fortindr:7.2.0:::::::* cpe:2.3:a:fortinet:fortindr:7.2.1:::::::* cpe:2.3:a:fortinet:fortindr:7.2.2:::::::* cpe:2.3:a:fortinet:fortindr:7.2.3:::::::* cpe:2.3:a:fortinet:fortindr:7.2.4:::::::* cpe:2.3:a:fortinet:fortindr:7.4.0:::::::* cpe:2.3:a:fortinet:fortindr:7.4.1:::::::* cpe:2.3:a:fortinet:fortindr:7.4.2:::::::* cpe:2.3:a:fortinet:fortindr:7.4.3:::::::* cpe:2.3:a:fortinet:fortindr:7.4.4:::::::* cpe:2.3:a:fortinet:fortindr:7.4.5:::::::* cpe:2.3:a:fortinet:fortindr:7.4.6:::::::* cpe:2.3:a:fortinet:fortindr:7.4.7:::::::*

Tue, 21 Oct 2025 23:15:00 +0000

Type	Values Removed	Values Added
References		https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-32756

Tue, 21 Oct 2025 20:30:00 +0000

Type	Values Removed	Values Added
References	https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-32756

Tue, 21 Oct 2025 19:30:00 +0000

Type	Values Removed	Values Added
References		https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-32756

Fri, 16 May 2025 20:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Fortinet forticamera Firmware Fortinet fortindr
Weaknesses		CWE-787
CPEs		cpe:2.3:a:fortinet:fortimail:::::::: cpe:2.3:a:fortinet:fortindr:::::::: cpe:2.3:a:fortinet:fortindr:1.1.0:::::::* cpe:2.3:a:fortinet:fortindr:1.2.0:::::::* cpe:2.3:a:fortinet:fortindr:1.3.0:::::::* cpe:2.3:a:fortinet:fortindr:1.4.0:::::::* cpe:2.3:a:fortinet:fortindr:1.5.0:::::::* cpe:2.3:a:fortinet:fortindr:7.1.0:::::::* cpe:2.3:a:fortinet:fortindr:7.1.1:::::::* cpe:2.3:a:fortinet:fortindr:7.6.0:::::::* cpe:2.3:a:fortinet:fortirecorder:::::::: cpe:2.3:a:fortinet:fortivoice:::::::: cpe:2.3:h:fortinet:forticamera:-:::::::* cpe:2.3:o:fortinet:forticamera_firmware::::::::
Vendors & Products		Fortinet forticamera Firmware Fortinet fortindr

Wed, 14 May 2025 23:15:00 +0000

Type	Values Removed	Values Added
Metrics		kev `{'dateAdded': '2025-05-14'}`

Wed, 14 May 2025 18:15:00 +0000

Type	Values Removed	Values Added
Metrics	ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`	ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'active', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Tue, 13 May 2025 16:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Tue, 13 May 2025 15:00:00 +0000

Type	Values Removed	Values Added
Description		A stack-based buffer overflow vulnerability [CWE-121] in Fortinet FortiVoice versions 7.2.0, 7.0.0 through 7.0.6, 6.4.0 through 6.4.10, FortiRecorder versions 7.2.0 through 7.2.3, 7.0.0 through 7.0.5, 6.4.0 through 6.4.5, FortiMail versions 7.6.0 through 7.6.2, 7.4.0 through 7.4.4, 7.2.0 through 7.2.7, 7.0.0 through 7.0.8, FortiNDR versions 7.6.0, 7.4.0 through 7.4.7, 7.2.0 through 7.2.4, 7.0.0 through 7.0.6, FortiCamera versions 2.1.0 through 2.1.3, 2.0 all versions, 1.1 all versions, allows a remote unauthenticated attacker to execute arbitrary code or commands via sending HTTP requests with specially crafted hash cookie.
First Time appeared		Fortinet Fortinet forticamera Fortinet fortimail Fortinet fortirecorder Fortinet fortivoice
Weaknesses		CWE-121
CPEs		cpe:2.3:a:fortinet:forticamera:1.1.0:::::::* cpe:2.3:a:fortinet:forticamera:1.1.1:::::::* cpe:2.3:a:fortinet:forticamera:1.1.2:::::::* cpe:2.3:a:fortinet:forticamera:1.1.3:::::::* cpe:2.3:a:fortinet:forticamera:1.1.4:::::::* cpe:2.3:a:fortinet:forticamera:1.1.5:::::::* cpe:2.3:a:fortinet:forticamera:2.0.0:::::::* cpe:2.3:a:fortinet:forticamera:2.1.0:::::::* cpe:2.3:a:fortinet:forticamera:2.1.1:::::::* cpe:2.3:a:fortinet:forticamera:2.1.2:::::::* cpe:2.3:a:fortinet:forticamera:2.1.3:::::::* cpe:2.3:a:fortinet:fortimail:7.0.0:::::::* cpe:2.3:a:fortinet:fortimail:7.0.1:::::::* cpe:2.3:a:fortinet:fortimail:7.0.2:::::::* cpe:2.3:a:fortinet:fortimail:7.0.3:::::::* cpe:2.3:a:fortinet:fortimail:7.0.4:::::::* cpe:2.3:a:fortinet:fortimail:7.0.5:::::::* cpe:2.3:a:fortinet:fortimail:7.0.6:::::::* cpe:2.3:a:fortinet:fortimail:7.0.7:::::::* cpe:2.3:a:fortinet:fortimail:7.0.8:::::::* cpe:2.3:a:fortinet:fortimail:7.2.0:::::::* cpe:2.3:a:fortinet:fortimail:7.2.1:::::::* cpe:2.3:a:fortinet:fortimail:7.2.2:::::::* cpe:2.3:a:fortinet:fortimail:7.2.3:::::::* cpe:2.3:a:fortinet:fortimail:7.2.4:::::::* cpe:2.3:a:fortinet:fortimail:7.2.5:::::::* cpe:2.3:a:fortinet:fortimail:7.2.6:::::::* cpe:2.3:a:fortinet:fortimail:7.2.7:::::::* cpe:2.3:a:fortinet:fortimail:7.4.0:::::::* cpe:2.3:a:fortinet:fortimail:7.4.1:::::::* cpe:2.3:a:fortinet:fortimail:7.4.2:::::::* cpe:2.3:a:fortinet:fortimail:7.4.3:::::::* cpe:2.3:a:fortinet:fortimail:7.4.4:::::::* cpe:2.3:a:fortinet:fortimail:7.6.0:::::::* cpe:2.3:a:fortinet:fortimail:7.6.1:::::::* cpe:2.3:a:fortinet:fortimail:7.6.2:::::::* cpe:2.3:a:fortinet:fortirecorder:6.4.0:::::::* cpe:2.3:a:fortinet:fortirecorder:6.4.1:::::::* cpe:2.3:a:fortinet:fortirecorder:6.4.2:::::::* cpe:2.3:a:fortinet:fortirecorder:6.4.3:::::::* cpe:2.3:a:fortinet:fortirecorder:6.4.4:::::::* cpe:2.3:a:fortinet:fortirecorder:6.4.5:::::::* cpe:2.3:a:fortinet:fortirecorder:7.0.0:::::::* cpe:2.3:a:fortinet:fortirecorder:7.0.1:::::::* cpe:2.3:a:fortinet:fortirecorder:7.0.2:::::::* cpe:2.3:a:fortinet:fortirecorder:7.0.3:::::::* cpe:2.3:a:fortinet:fortirecorder:7.0.4:::::::* cpe:2.3:a:fortinet:fortirecorder:7.0.5:::::::* cpe:2.3:a:fortinet:fortirecorder:7.2.0:::::::* cpe:2.3:a:fortinet:fortirecorder:7.2.1:::::::* cpe:2.3:a:fortinet:fortirecorder:7.2.2:::::::* cpe:2.3:a:fortinet:fortirecorder:7.2.3:::::::* cpe:2.3:a:fortinet:fortivoice:6.4.0:::::::* cpe:2.3:a:fortinet:fortivoice:6.4.10:::::::* cpe:2.3:a:fortinet:fortivoice:6.4.1:::::::* cpe:2.3:a:fortinet:fortivoice:6.4.2:::::::* cpe:2.3:a:fortinet:fortivoice:6.4.3:::::::* cpe:2.3:a:fortinet:fortivoice:6.4.4:::::::* cpe:2.3:a:fortinet:fortivoice:6.4.5:::::::* cpe:2.3:a:fortinet:fortivoice:6.4.6:::::::* cpe:2.3:a:fortinet:fortivoice:6.4.7:::::::* cpe:2.3:a:fortinet:fortivoice:6.4.8:::::::* cpe:2.3:a:fortinet:fortivoice:6.4.9:::::::* cpe:2.3:a:fortinet:fortivoice:7.0.0:::::::* cpe:2.3:a:fortinet:fortivoice:7.0.1:::::::* cpe:2.3:a:fortinet:fortivoice:7.0.2:::::::* cpe:2.3:a:fortinet:fortivoice:7.0.3:::::::* cpe:2.3:a:fortinet:fortivoice:7.0.4:::::::* cpe:2.3:a:fortinet:fortivoice:7.0.5:::::::* cpe:2.3:a:fortinet:fortivoice:7.0.6:::::::* cpe:2.3:a:fortinet:fortivoice:7.2.0:::::::*
Vendors & Products		Fortinet Fortinet forticamera Fortinet fortimail Fortinet fortirecorder Fortinet fortivoice
References		https://fortiguard.fortinet.com/psirt/FG-IR-25-254
Metrics		cvssV3_1 `{'score': 9.6, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:X/RC:C'}`

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: fortinet

Published: 2025-05-13T14:46:44.208Z

Updated: 2026-01-15T12:54:22.845Z

Reserved: 2025-04-10T08:12:12.347Z

Link: CVE-2025-32756

Vulnrichment

Updated: 2025-05-13T15:15:36.229Z

NVD

Status : Analyzed

Published: 2025-05-13T15:15:57.113

Modified: 2026-01-14T19:18:55.170

Link: CVE-2025-32756

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Exploitation active

Automatable yes

Technical Impact total

Affected Vendors & Products

Projects

JSON object

JSON object

JSON object

JSON object

JSON object