CVE-2025-32756

CVSS 9.6 (Critical) · EPSS 31.4% · Listed in CISA KEV · CWE-121
In short

A flaw in several Fortinet products lets an attacker send a specially crafted HTTP request that overflows a fixed-size memory buffer on the appliance, potentially allowing them to take control of it. No login is required, so anyone who can reach the affected web service can attempt the attack remotely.

Technical detail

Stack-based buffer overflow (CWE-121) in Fortinet FortiCamera, FortiMail, FortiNDR, FortiRecorder and FortiVoice, reachable by a remote, unauthenticated attacker who sends HTTP requests carrying a specially crafted hash cookie. Successful exploitation allows execution of arbitrary code or commands on the appliance. Multiple version lines of each product are affected; the official description below gives the exact ranges. The vector's temporal metrics (E:F) record a functional exploit and the KEV listing records exploitation in the wild, so exposed instances running affected versions should be patched and checked for compromise rather than merely scheduled for an update.

Summary generated and translated by AI from the official description.

Official description

A stack-based buffer overflow vulnerability [CWE-121] in Fortinet FortiCamera 2.1.0 through 2.1.3, FortiCamera 2.0 all versions, FortiCamera 1.1 all versions, FortiMail 7.6.0 through 7.6.2, FortiMail 7.4.0 through 7.4.4, FortiMail 7.2.0 through 7.2.7, FortiMail 7.0.0 through 7.0.8, FortiNDR 7.6.0, FortiNDR 7.4.0 through 7.4.7, FortiNDR 7.2.0 through 7.2.4, FortiNDR 7.0.0 through 7.0.6, FortiRecorder 7.2.0 through 7.2.3, FortiRecorder 7.0.0 through 7.0.5, FortiRecorder 6.4.0 through 6.4.5, FortiVoice 7.2.0, FortiVoice 7.0.0 through 7.0.6, FortiVoice 6.4.0 through 6.4.10 allows a remote unauthenticated attacker to execute arbitrary code or commands via sending HTTP requests with specially crafted hash cookie.

CVSS v3.1 vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:X/RC:C
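The defect class the advisory names, a cookie value copied into a fixed-size stack buffer without a bounds check, is illustrated below as an added example. It is not Fortinet's code and does not reproduce the actual vulnerable function: the cookie name `hash`, the 64-byte buffer and the 40-hex-character token length are assumptions chosen for the illustration, and the sample headers are constructed. The vulnerable handler is kept beside a hardened one that validates length and character set before any copy, which is the standard fix pattern for CWE-121.

```c
#include <stdio.h>
#include <string.h>

/* Illustrative reconstruction of the CWE-121 pattern described on this page.
 * NOT Fortinet code. The cookie name "hash", HASH_BUF and EXPECTED_HASH_LEN
 * are assumptions for the example, not values from the advisory. */

#define HASH_BUF 64            /* assumed fixed-size stack buffer */
#define EXPECTED_HASH_LEN 40   /* assumed: a 40-character hex token */

/* Locate the value of `name` inside a Cookie header. Returns a pointer to the
 * first byte of the value and stores its length (up to ';' or end of header)
 * in *len, or NULL if the cookie is absent. Copies nothing. */
static const char *find_cookie(const char *header, const char *name, size_t *len)
{
    size_t nlen = strlen(name);
    const char *p = header;
    while (*p) {
        while (*p == ' ' || *p == ';') p++;             /* skip separators */
        const char *end = strchr(p, ';');
        if (!end) end = p + strlen(p);
        if ((size_t)(end - p) > nlen && strncmp(p, name, nlen) == 0 && p[nlen] == '=') {
            *len = (size_t)(end - (p + nlen + 1));
            return p + nlen + 1;
        }
        p = end;
    }
    return NULL;
}

/* VULNERABLE: the copy length comes from the attacker-controlled cookie, not
 * from sizeof(hash). A value longer than HASH_BUF - 1 bytes writes past the
 * array into the rest of the stack frame (undefined behaviour). Shown for
 * contrast only; never call it with oversized input. */
int handle_cookie_vulnerable(const char *header)
{
    char hash[HASH_BUF];
    size_t len;
    const char *v = find_cookie(header, "hash", &len);
    if (!v) return -1;
    memcpy(hash, v, len);            /* missing: len < sizeof(hash) check */
    hash[len] = '\0';
    return (int)strlen(hash);
}

/* HARDENED: reject before copying. Enforces both the buffer bound and the
 * expected token format, so an over-long or non-hex value never reaches the
 * stack buffer. Returns the token length, -1 if absent, -2 if rejected. */
int handle_cookie_hardened(const char *header)
{
    char hash[HASH_BUF];
    size_t len;
    const char *v = find_cookie(header, "hash", &len);
    if (!v) return -1;
    if (len != EXPECTED_HASH_LEN || len >= sizeof(hash)) return -2;
    for (size_t i = 0; i < len; i++) {
        char c = v[i];
        if (!((c >= '0' && c <= '9') || (c >= 'a' && c <= 'f') || (c >= 'A' && c <= 'F')))
            return -2;
    }
    memcpy(hash, v, len);
    hash[len] = '\0';
    return (int)len;
}

int main(void)
{
    /* Constructed sample headers, not captured traffic. */
    const char *benign = "lang=en; hash=0123456789abcdef0123456789abcdef01234567; theme=dark";
    char evil[512];
    snprintf(evil, sizeof evil, "hash=%0300d", 0);   /* 300-byte cookie value */

    printf("benign, hardened    -> %d\n", handle_cookie_hardened(benign));  /* 40 */
    printf("oversized, hardened -> %d\n", handle_cookie_hardened(evil));    /* -2 */
    /* handle_cookie_vulnerable(evil) would overrun hash[]; deliberately not called. */
    return 0;
}
```

Build with `cc -Wall -fsanitize=address example.c` to see the difference concretely: the hardened handler returns -2 for the 300-byte value without touching `hash[]`, while calling the vulnerable handler on the same input under AddressSanitizer reports a stack-buffer-overflow at the `memcpy`. The length check alone fixes the memory-safety bug; the character-set check is the extra validation a handler for a hash-shaped token should have anyway, since it shrinks the input space an attacker can reach.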