CVE-2025-32756

⛔ critical

Summary

Description

A stack-based buffer overflow vulnerability [CWE-121] vulnerability in Fortinet FortiCamera 2.1.0 through 2.1.3, FortiCamera 2.0 all versions, FortiCamera 1.1 all versions, FortiMail 7.6.0 through 7.6.2, FortiMail 7.4.0 through 7.4.4, FortiMail 7.2.0 through 7.2.7, FortiMail 7.0.0 through 7.0.8, FortiNDR 7.6.0, FortiNDR 7.4.0 through 7.4.7, FortiNDR 7.2.0 through 7.2.4, FortiNDR 7.0.0 through 7.0.6, FortiRecorder 7.2.0 through 7.2.3, FortiRecorder 7.0.0 through 7.0.5, FortiRecorder 6.4.0 through 6.4.5, FortiVoice 7.2.0, FortiVoice 7.0.0 through 7.0.6, FortiVoice 6.4.0 through 6.4.10 allows a remote unauthenticated attacker to execute arbitrary code or commands via sending HTTP requests with specially crafted hash cookie.

CVSS Score

9.8

Critical

EPSS Score

33.1

Exploit Probability

Published Date

2025-05-13

First Seen: 2026-01-05

📊 Relative Risk Intelligence

This CVE is Very High Risk - more severe than 90.5% of all 326,604 vulnerabilities in our database.

#31,067

Top 10% most severe

Severity Percentile

🎯 CISA SSVC Assessment Updated: May 15, 2025

🔍 Exploitation Status

Active

Exploits detected in the wild

⚙️ Automatable

YES

Can be exploited automatically

💥 Technical Impact

Total

Complete system compromise possible

SSVC data provided by CISA

Last Modified 2026-01-14

Source NVD 🔗

CVSS Vector 3.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE IDs (Weakness Types)

CWE-121 CWE-787

📦 Affected Products 23

Vendor	Product	Status	Affected Versions
fortinet	fortimail	Affected	≥ 7.0.0 < 7.0.9
fortinet	fortimail	Affected	≥ 7.2.0 < 7.2.8
fortinet	fortimail	Affected	≥ 7.4.0 < 7.4.5
fortinet	fortimail	Affected	≥ 7.6.0 < 7.6.3
fortinet	fortivoice	Affected	≥ 6.4.0 < 6.4.11
fortinet	fortivoice	Affected	≥ 7.0.0 < 7.0.7
fortinet	fortivoice	Affected	v7.2.0
fortinet	fortindr	Affected	≥ 7.0.0 < 7.0.7
fortinet	fortindr	Affected	≥ 7.2.0 < 7.2.5
fortinet	fortindr	Affected	≥ 7.4.0 < 7.4.8
fortinet	fortindr	Affected	v1.1.0
fortinet	fortindr	Affected	v1.2.0
fortinet	fortindr	Affected	v1.3.0
fortinet	fortindr	Affected	v1.4.0
fortinet	fortindr	Affected	v1.5.0
fortinet	fortindr	Affected	v7.1.0
fortinet	fortindr	Affected	v7.1.1
fortinet	fortindr	Affected	v7.6.0
fortinet	fortirecorder	Affected	≥ 6.4.0 < 6.4.6
fortinet	fortirecorder	Affected	≥ 7.0.0 < 7.0.6
fortinet	fortirecorder	Affected	≥ 7.2.0 < 7.2.4
fortinet	forticamera_firmware	Affected	≥ 1.1.0 ≤ 1.1.5
fortinet	forticamera_firmware	Affected	≥ 2.0.0 ≤ 2.1.3

🔗 References 2

https://fortiguard.fortinet.com/psirt/FG-IR-25-254

Vendor Advisory

https://www.cisa.gov/known-exploited-vulnerabilities...

US Government Resource

🔗 Related CVEs 6

CVE ID	Severity	CVSS	EPSS	Summary	Published
CVE-2025-53681	⚠️ high	7.2	0.0	An improper neutralization of special elements used in an SQL Command ("SQL Injection&") vulnerability [CWE-89] vulnerab...	2026-05-12
CVE-2026-25088	🔶 medium	5.4	0.0	An improper neutralization of special elements used in an sql command ('sql injection') vulnerability in Fortinet FortiN...	2026-05-12
CVE-2024-23104	🔶 medium	5.4	0.0	An exposure of sensitive information to an unauthorized actor vulnerability in Fortinet FortiNDR 7.6.0, FortiNDR 7.4.0 t...	2026-04-14
CVE-2025-55717	🔶 medium	4.0	0.0	A cleartext storage of sensitive information vulnerability [CWE-312] vulnerability in Fortinet FortiMail 7.6.0 through 7...	2026-03-10
CVE-2025-58693	🔶 medium	6.5	0.2	An improper limitation of a pathname to a restricted directory ('path traversal') vulnerability in Fortinet FortiVoice 7...	2026-01-13
CVE-2025-60024	⚠️ high	8.8	0.1	Multiple Improper Limitations of a Pathname to a Restricted Directory ('Path Traversal') vulnerabilities [CWE-22] vulner...	2025-12-09

These CVEs affect the same products