certfr_alerte - CERTFR-2025-ALE-006

CERTFR-2025-ALE-006

Vulnerability from certfr_alerte

Le 13 mai 2025, Fortinet a publié un avis de sécurité concernant la vulnérabilité CVE-2025-32756. Celle-ci permet à un attaquant non authentifié d'exécuter du code arbitraire à distance.

L'éditeur indique que cette vulnérabilité est activement exploitée. Les exploitations constatées jusqu'ici concernent les produits FortiVoice.

Fortinet fournit également des marqueurs de compromission à rechercher.

Solutions

Le CERT-FR recommande l'application des correctifs dans les plus brefs délais, se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Si cela n'est pas possible, l'éditeur recommande de désactiver l'interface de gestion. Le CERT-FR rappelle que l'exposition d'une interface de gestion sur Internet est contraire aux bonnes pratiques.

Impacted products

Vendor	Product	Description
Fortinet	FortiRecorder	FortiRecorder versions 7.0.x antérieures à 7.0.6
Fortinet	FortiRecorder	FortiRecorder versions 7.2.x antérieures à 7.2.4
Fortinet	FortiVoice	FortiVoice versions 7.2.x antérieures à 7.2.1
Fortinet	FortiMail	FortiMail versions 7.4.x antérieures à 7.4.5
Fortinet	FortiCamera	FortiCamera versions antérieures à 2.1.4
Fortinet	FortiMail	FortiMail versions 7.0.x antérieures à 7.0.9
Fortinet	FortiNDR	FortiNDR versions 7.6.x antérieures à 7.6.1
Fortinet	FortiNDR	FortiNDR versions 7.4.x antérieures à 7.4.8
Fortinet	FortiVoice	FortiVoice versions 6.4.x antérieures à 6.4.11
Fortinet	FortiNDR	FortiNDR versions antérieures à 7.0.7
Fortinet	FortiNDR	FortiNDR versions 7.1.x à 7.2.x antérieures à 7.2.5
Fortinet	FortiRecorder	FortiRecorder versions 6.4.x antérieures à 6.4.6
Fortinet	FortiMail	FortiMail versions 7.2.x antérieures à 7.2.8
Fortinet	FortiVoice	FortiVoice versions 7.0.x antérieures à 7.0.7
Fortinet	FortiMail	FortiMail versions 7.6.x antérieures à 7.6.3

References

Title

Publication Time

Tags

Bulletin de sécurité Fortinet FG-IR-25-254	2025-05-13	vendor-advisory
Avis CERT-FR CERTFR-2025-AVI-0399 du 13 mai 2025	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "FortiRecorder versions 7.0.x ant\u00e9rieures \u00e0 7.0.6",
      "product": {
        "name": "FortiRecorder",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiRecorder versions 7.2.x ant\u00e9rieures \u00e0 7.2.4",
      "product": {
        "name": "FortiRecorder",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiVoice versions 7.2.x ant\u00e9rieures \u00e0 7.2.1",
      "product": {
        "name": "FortiVoice",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiMail versions 7.4.x ant\u00e9rieures \u00e0 7.4.5",
      "product": {
        "name": "FortiMail",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiCamera versions ant\u00e9rieures \u00e0 2.1.4",
      "product": {
        "name": "FortiCamera",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiMail versions 7.0.x ant\u00e9rieures \u00e0 7.0.9",
      "product": {
        "name": "FortiMail",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiNDR versions 7.6.x ant\u00e9rieures \u00e0 7.6.1",
      "product": {
        "name": "FortiNDR",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiNDR versions 7.4.x ant\u00e9rieures \u00e0 7.4.8",
      "product": {
        "name": "FortiNDR",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiVoice versions 6.4.x ant\u00e9rieures \u00e0 6.4.11",
      "product": {
        "name": "FortiVoice",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiNDR versions ant\u00e9rieures \u00e0 7.0.7",
      "product": {
        "name": "FortiNDR",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiNDR versions 7.1.x \u00e0 7.2.x ant\u00e9rieures \u00e0 7.2.5",
      "product": {
        "name": "FortiNDR",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiRecorder versions 6.4.x ant\u00e9rieures \u00e0 6.4.6",
      "product": {
        "name": "FortiRecorder",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiMail versions 7.2.x ant\u00e9rieures \u00e0 7.2.8",
      "product": {
        "name": "FortiMail",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiVoice versions 7.0.x ant\u00e9rieures \u00e0 7.0.7",
      "product": {
        "name": "FortiVoice",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiMail versions 7.6.x ant\u00e9rieures \u00e0 7.6.3",
      "product": {
        "name": "FortiMail",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "closed_at": "2025-06-24",
  "content": "## Solutions\n\nLe CERT-FR recommande l\u0027application des correctifs dans les plus brefs d\u00e9lais, se r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).\n\n Si cela n\u0027est pas possible, l\u0027\u00e9diteur recommande de d\u00e9sactiver l\u0027interface de gestion. Le CERT-FR rappelle que l\u0027exposition d\u0027une interface de gestion sur Internet est contraire aux bonnes pratiques.",
  "cves": [
    {
      "name": "CVE-2025-32756",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-32756"
    }
  ],
  "initial_release_date": "2025-05-13T00:00:00",
  "last_revision_date": "2025-06-24T00:00:00",
  "links": [
    {
      "title": "Avis CERT-FR CERTFR-2025-AVI-0399 du 13 mai 2025",
      "url": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2025-AVI-0399/"
    }
  ],
  "reference": "CERTFR-2025-ALE-006",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2025-05-13T00:00:00.000000"
    },
    {
      "description": " Cl\u00f4ture de l\u0027alerte. Cela ne signifie pas la fin d\u0027une menace. Seule l\u0027application de la mise \u00e0 jour permet de vous pr\u00e9munir contre l\u0027exploitation de la vuln\u00e9rabilit\u00e9 correspondante.",
      "revision_date": "2025-06-24T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "Le 13 mai 2025, Fortinet a publi\u00e9 un avis de s\u00e9curit\u00e9 concernant la vuln\u00e9rabilit\u00e9 CVE-2025-32756.  Celle-ci permet \u00e0 un attaquant non authentifi\u00e9 d\u0027ex\u00e9cuter du code arbitraire \u00e0 distance.\n\nL\u0027\u00e9diteur indique que cette vuln\u00e9rabilit\u00e9 est activement exploit\u00e9e. Les exploitations constat\u00e9es jusqu\u0027ici concernent les produits FortiVoice.\n\nFortinet fournit \u00e9galement des marqueurs de compromission \u00e0 rechercher.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans les produits Fortinet",
  "vendor_advisories": [
    {
      "published_at": "2025-05-13",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-254",
      "url": "https://www.fortiguard.com/psirt/FG-IR-25-254"
    }
  ]
}

CVE-2025-32756 (GCVE-0-2025-32756)

Vulnerability from cvelistv5

Published

2025-05-13 14:46

Modified

2025-07-30 01:36

Severity ?

9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RC:C

CWE

CWE-121 - Execute unauthorized code or commands

Summary

A stack-based buffer overflow vulnerability [CWE-121] in Fortinet FortiVoice versions 7.2.0, 7.0.0 through 7.0.6, 6.4.0 through 6.4.10, FortiRecorder versions 7.2.0 through 7.2.3, 7.0.0 through 7.0.5, 6.4.0 through 6.4.5, FortiMail versions 7.6.0 through 7.6.2, 7.4.0 through 7.4.4, 7.2.0 through 7.2.7, 7.0.0 through 7.0.8, FortiNDR versions 7.6.0, 7.4.0 through 7.4.7, 7.2.0 through 7.2.4, 7.0.0 through 7.0.6, FortiCamera versions 2.1.0 through 2.1.3, 2.0 all versions, 1.1 all versions, allows a remote unauthenticated attacker to execute arbitrary code or commands via sending HTTP requests with specially crafted hash cookie.

References

URL

Tags

https://fortiguard.fortinet.com/psirt/FG-IR-25-254

Impacted products

Vendor

Product

Version

Fortinet

FortiVoice

Version: 7.2.0
Version: 7.0.0   ≤ 7.0.6
Version: 6.4.0   ≤ 6.4.10
    cpe:2.3:a:fortinet:fortivoice:7.2.0:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortivoice:7.0.6:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortivoice:7.0.5:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortivoice:7.0.4:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortivoice:7.0.3:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortivoice:7.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortivoice:7.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortivoice:7.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortivoice:6.4.10:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortivoice:6.4.9:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortivoice:6.4.8:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortivoice:6.4.7:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortivoice:6.4.6:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortivoice:6.4.5:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortivoice:6.4.4:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortivoice:6.4.3:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortivoice:6.4.2:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortivoice:6.4.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortivoice:6.4.0:*:*:*:*:*:*:*

Fortinet	FortiRecorder	Version: 7.2.0 ≤ 7.2.3 Version: 7.0.0 ≤ 7.0.5 Version: 6.4.0 ≤ 6.4.5 cpe:2.3:a:fortinet:fortirecorder:7.2.3:::::::* cpe:2.3:a:fortinet:fortirecorder:7.2.2:::::::* cpe:2.3:a:fortinet:fortirecorder:7.2.1:::::::* cpe:2.3:a:fortinet:fortirecorder:7.2.0:::::::* cpe:2.3:a:fortinet:fortirecorder:7.0.5:::::::* cpe:2.3:a:fortinet:fortirecorder:7.0.4:::::::* cpe:2.3:a:fortinet:fortirecorder:7.0.3:::::::* cpe:2.3:a:fortinet:fortirecorder:7.0.2:::::::* cpe:2.3:a:fortinet:fortirecorder:7.0.1:::::::* cpe:2.3:a:fortinet:fortirecorder:7.0.0:::::::* cpe:2.3:a:fortinet:fortirecorder:6.4.5:::::::* cpe:2.3:a:fortinet:fortirecorder:6.4.4:::::::* cpe:2.3:a:fortinet:fortirecorder:6.4.3:::::::* cpe:2.3:a:fortinet:fortirecorder:6.4.2:::::::* cpe:2.3:a:fortinet:fortirecorder:6.4.1:::::::* cpe:2.3:a:fortinet:fortirecorder:6.4.0:::::::*
Fortinet	FortiMail	Version: 7.6.0 ≤ 7.6.2 Version: 7.4.0 ≤ 7.4.4 Version: 7.2.0 ≤ 7.2.7 Version: 7.0.0 ≤ 7.0.8 cpe:2.3:a:fortinet:fortimail:7.6.2:::::::* cpe:2.3:a:fortinet:fortimail:7.6.1:::::::* cpe:2.3:a:fortinet:fortimail:7.6.0:::::::* cpe:2.3:a:fortinet:fortimail:7.4.4:::::::* cpe:2.3:a:fortinet:fortimail:7.4.3:::::::* cpe:2.3:a:fortinet:fortimail:7.4.2:::::::* cpe:2.3:a:fortinet:fortimail:7.4.1:::::::* cpe:2.3:a:fortinet:fortimail:7.4.0:::::::* cpe:2.3:a:fortinet:fortimail:7.2.7:::::::* cpe:2.3:a:fortinet:fortimail:7.2.6:::::::* cpe:2.3:a:fortinet:fortimail:7.2.5:::::::* cpe:2.3:a:fortinet:fortimail:7.2.4:::::::* cpe:2.3:a:fortinet:fortimail:7.2.3:::::::* cpe:2.3:a:fortinet:fortimail:7.2.2:::::::* cpe:2.3:a:fortinet:fortimail:7.2.1:::::::* cpe:2.3:a:fortinet:fortimail:7.2.0:::::::* cpe:2.3:a:fortinet:fortimail:7.0.8:::::::* cpe:2.3:a:fortinet:fortimail:7.0.7:::::::* cpe:2.3:a:fortinet:fortimail:7.0.6:::::::* cpe:2.3:a:fortinet:fortimail:7.0.5:::::::* cpe:2.3:a:fortinet:fortimail:7.0.4:::::::* cpe:2.3:a:fortinet:fortimail:7.0.3:::::::* cpe:2.3:a:fortinet:fortimail:7.0.2:::::::* cpe:2.3:a:fortinet:fortimail:7.0.1:::::::* cpe:2.3:a:fortinet:fortimail:7.0.0:::::::*
Fortinet	FortiNDR	Version: 7.6.0 Version: 7.4.0 ≤ 7.4.7 Version: 7.2.0 ≤ 7.2.4 Version: 7.1.0 ≤ 7.1.1 Version: 7.0.0 ≤ 7.0.6 Version: 1.5.0 ≤ 1.5.3 Version: 1.4.0 Version: 1.3.0 ≤ 1.3.1 Version: 1.2.0 Version: 1.1.0
Fortinet	FortiCamera	Version: 2.1.0 ≤ 2.1.3 Version: 2.0.0 Version: 1.1.0 ≤ 1.1.5 cpe:2.3:a:fortinet:forticamera:2.1.3:::::::* cpe:2.3:a:fortinet:forticamera:2.1.2:::::::* cpe:2.3:a:fortinet:forticamera:2.1.1:::::::* cpe:2.3:a:fortinet:forticamera:2.1.0:::::::* cpe:2.3:a:fortinet:forticamera:2.0.0:::::::* cpe:2.3:a:fortinet:forticamera:1.1.5:::::::* cpe:2.3:a:fortinet:forticamera:1.1.4:::::::* cpe:2.3:a:fortinet:forticamera:1.1.3:::::::* cpe:2.3:a:fortinet:forticamera:1.1.2:::::::* cpe:2.3:a:fortinet:forticamera:1.1.1:::::::* cpe:2.3:a:fortinet:forticamera:1.1.0:::::::*

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-32756",
                "options": [
                  {
                    "Exploitation": "active"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-05-15T04:01:18.017087Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          },
          {
            "other": {
              "content": {
                "dateAdded": "2025-05-14",
                "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-32756"
              },
              "type": "kev"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-07-30T01:36:12.999Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "timeline": [
          {
            "lang": "en",
            "time": "2025-05-14T00:00:00+00:00",
            "value": "CVE-2025-32756 added to CISA KEV"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:fortinet:fortivoice:7.2.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortivoice:7.0.6:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortivoice:7.0.5:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortivoice:7.0.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortivoice:7.0.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortivoice:7.0.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortivoice:7.0.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortivoice:7.0.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortivoice:6.4.10:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortivoice:6.4.9:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortivoice:6.4.8:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortivoice:6.4.7:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortivoice:6.4.6:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortivoice:6.4.5:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortivoice:6.4.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortivoice:6.4.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortivoice:6.4.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortivoice:6.4.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortivoice:6.4.0:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "FortiVoice",
          "vendor": "Fortinet",
          "versions": [
            {
              "status": "affected",
              "version": "7.2.0"
            },
            {
              "lessThanOrEqual": "7.0.6",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.4.10",
              "status": "affected",
              "version": "6.4.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:fortinet:fortirecorder:7.2.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortirecorder:7.2.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortirecorder:7.2.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortirecorder:7.2.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortirecorder:7.0.5:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortirecorder:7.0.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortirecorder:7.0.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortirecorder:7.0.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortirecorder:7.0.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortirecorder:7.0.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortirecorder:6.4.5:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortirecorder:6.4.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortirecorder:6.4.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortirecorder:6.4.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortirecorder:6.4.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortirecorder:6.4.0:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "FortiRecorder",
          "vendor": "Fortinet",
          "versions": [
            {
              "lessThanOrEqual": "7.2.3",
              "status": "affected",
              "version": "7.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.0.5",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.4.5",
              "status": "affected",
              "version": "6.4.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:fortinet:fortimail:7.6.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:7.6.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:7.6.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:7.4.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:7.4.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:7.4.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:7.4.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:7.4.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:7.2.7:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:7.2.6:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:7.2.5:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:7.2.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:7.2.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:7.2.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:7.2.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:7.2.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:7.0.8:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:7.0.7:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:7.0.6:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:7.0.5:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:7.0.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:7.0.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:7.0.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:7.0.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortimail:7.0.0:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "FortiMail",
          "vendor": "Fortinet",
          "versions": [
            {
              "lessThanOrEqual": "7.6.2",
              "status": "affected",
              "version": "7.6.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.4.4",
              "status": "affected",
              "version": "7.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.2.7",
              "status": "affected",
              "version": "7.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.0.8",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "cpes": [],
          "defaultStatus": "unaffected",
          "product": "FortiNDR",
          "vendor": "Fortinet",
          "versions": [
            {
              "status": "affected",
              "version": "7.6.0"
            },
            {
              "lessThanOrEqual": "7.4.7",
              "status": "affected",
              "version": "7.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.2.4",
              "status": "affected",
              "version": "7.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.1.1",
              "status": "affected",
              "version": "7.1.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.0.6",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "1.5.3",
              "status": "affected",
              "version": "1.5.0",
              "versionType": "semver"
            },
            {
              "status": "affected",
              "version": "1.4.0"
            },
            {
              "lessThanOrEqual": "1.3.1",
              "status": "affected",
              "version": "1.3.0",
              "versionType": "semver"
            },
            {
              "status": "affected",
              "version": "1.2.0"
            },
            {
              "status": "affected",
              "version": "1.1.0"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:fortinet:forticamera:2.1.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:forticamera:2.1.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:forticamera:2.1.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:forticamera:2.1.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:forticamera:2.0.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:forticamera:1.1.5:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:forticamera:1.1.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:forticamera:1.1.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:forticamera:1.1.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:forticamera:1.1.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:forticamera:1.1.0:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "FortiCamera",
          "vendor": "Fortinet",
          "versions": [
            {
              "lessThanOrEqual": "2.1.3",
              "status": "affected",
              "version": "2.1.0",
              "versionType": "semver"
            },
            {
              "status": "affected",
              "version": "2.0.0"
            },
            {
              "lessThanOrEqual": "1.1.5",
              "status": "affected",
              "version": "1.1.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A stack-based buffer overflow vulnerability [CWE-121] in Fortinet FortiVoice versions 7.2.0, 7.0.0 through 7.0.6, 6.4.0 through 6.4.10, FortiRecorder versions 7.2.0 through 7.2.3, 7.0.0 through 7.0.5, 6.4.0 through 6.4.5, FortiMail versions 7.6.0 through 7.6.2, 7.4.0 through 7.4.4, 7.2.0 through 7.2.7, 7.0.0 through 7.0.8, FortiNDR versions 7.6.0, 7.4.0 through 7.4.7, 7.2.0 through 7.2.4, 7.0.0 through 7.0.6, FortiCamera versions 2.1.0 through 2.1.3, 2.0 all versions, 1.1 all versions, allows a remote unauthenticated attacker to execute arbitrary code or commands via sending HTTP requests with specially crafted hash cookie."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.6,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:X/RC:C",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-121",
              "description": "Execute unauthorized code or commands",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-13T14:46:44.208Z",
        "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "shortName": "fortinet"
      },
      "references": [
        {
          "name": "https://fortiguard.fortinet.com/psirt/FG-IR-25-254",
          "url": "https://fortiguard.fortinet.com/psirt/FG-IR-25-254"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Please upgrade to FortiVoice version 7.2.1 or above \nPlease upgrade to FortiVoice version 7.0.7 or above \nPlease upgrade to FortiVoice version 6.4.11 or above \nPlease upgrade to FortiRecorder version 7.2.4 or above \nPlease upgrade to FortiRecorder version 7.0.6 or above \nPlease upgrade to FortiRecorder version 6.4.6 or above \nPlease upgrade to FortiMail version 7.6.3 or above \nPlease upgrade to FortiMail version 7.4.5 or above \nPlease upgrade to FortiMail version 7.2.8 or above \nPlease upgrade to FortiMail version 7.0.9 or above \nPlease upgrade to FortiNDR version 7.6.1 or above \nPlease upgrade to FortiNDR version 7.4.8 or above \nPlease upgrade to FortiNDR version 7.2.5 or above \nPlease upgrade to FortiNDR version 7.0.7 or above \nPlease upgrade to FortiCamera version 2.1.4 or above"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
    "assignerShortName": "fortinet",
    "cveId": "CVE-2025-32756",
    "datePublished": "2025-05-13T14:46:44.208Z",
    "dateReserved": "2025-04-10T08:12:12.347Z",
    "dateUpdated": "2025-07-30T01:36:12.999Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CERTFR-2025-ALE-006

Vulnerability from certfr_alerte

Solutions

CVE-2025-32756 (GCVE-0-2025-32756)

Vulnerability from cvelistv5

Tags

Sightings

Nomenclature