On May 13, 2025, Fortinet disclosed CVE-2025-32756, an unauthenticated stack-based buffer overflow affecting multiple Fortinet products; including FortiVoice, FortiRecorder, FortiNDR, FortiMail, and FortiCamera. The vulnerability is rated as CVSS 9.6 (Critical), and allows an unauthenticated remote attacker to achieve remote code execution (RCE) against a vulnerable target.
Fortinet has disclosed that this vulnerability has been exploited in the wild by a threat actor who is targeting vulnerable FortiVoice appliances. No threat actor attribution has been made at this time. FortiVoice is an enterprise unified communication (UC) platform, providing communications services such as calling, conferencing, and chat. The Fortinet Product Security Team made this discovery based on observed threat activity. This threat activity included additional network scanning, credential logging, and log file wiping. Several IOCs have been published in the vendor advisory to assist customers in threat hunting.
Mitigation guidance
Fortinet have provided patches for affected versions under support, and guidance for unsupported versions to migrate to a fixed version. Customers are advised to follow the vendor guidance, and remediate this vulnerability by upgrading to a fixed version on an urgent basis, as outlined below.
FortiVoice 7.2 should be upgraded to 7.2.1 or aboveFortiVoice 7.0 should be upgraded to 7.0.7 or aboveFortiVoice 6.4 should be upgraded to 6.4.11 or aboveFortiRecorder 7.2 should be upgraded to 7.2.4 ..Support the originator by clicking the read the rest link below.
