CVE-2025-32756

Summary

A stack-based buffer overflow vulnerability [CWE-121] vulnerability in Fortinet FortiCamera 2.1.0 through 2.1.3, FortiCamera 2.0 all versions, FortiCamera 1.1 all versions, FortiMail 7.6.0 through 7.6.2, FortiMail 7.4.0 through 7.4.4, FortiMail 7.2.0 through 7.2.7, FortiMail 7.0.0 through 7.0.8, FortiNDR 7.6.0, FortiNDR 7.4.0 through 7.4.7, FortiNDR 7.2.0 through 7.2.4, FortiNDR 7.0.0 through 7.0.6, FortiRecorder 7.2.0 through 7.2.3, FortiRecorder 7.0.0 through 7.0.5, FortiRecorder 6.4.0 through 6.4.5, FortiVoice 7.2.0, FortiVoice 7.0.0 through 7.0.6, FortiVoice 6.4.0 through 6.4.10 allows a remote unauthenticated attacker to execute arbitrary code or commands via sending HTTP requests with specially crafted hash cookie.

Affected Software

VendorProductVersion RangeStatus
FortinetFortiNDR7.6.0affected
FortinetFortiNDR7.4.0 <= 7.4.7affected
FortinetFortiNDR7.2.0 <= 7.2.4affected
FortinetFortiNDR7.1.0 <= 7.1.1affected
FortinetFortiNDR7.0.0 <= 7.0.6affected
FortinetFortiNDR1.5.0 <= 1.5.3affected
FortinetFortiNDR1.4.0affected
FortinetFortiNDR1.3.0 <= 1.3.1affected
FortinetFortiNDR1.2.0affected
FortinetFortiNDR1.1.0affected
FortinetFortiCamera2.1.0 <= 2.1.3affected
FortinetFortiCamera2.0.0affected
FortinetFortiCamera1.1.0 <= 1.1.5affected
FortinetFortiRecorder7.2.0 <= 7.2.3affected
FortinetFortiRecorder7.0.0 <= 7.0.5affected
FortinetFortiRecorder6.4.0 <= 6.4.5affected
FortinetFortiVoice7.2.0affected
FortinetFortiVoice7.0.0 <= 7.0.6affected
FortinetFortiVoice6.4.0 <= 6.4.10affected
FortinetFortiMail7.6.0 <= 7.6.2affected
FortinetFortiMail7.4.0 <= 7.4.4affected
FortinetFortiMail7.2.0 <= 7.2.7affected
FortinetFortiMail7.0.0 <= 7.0.8affected

Weaknesses

  • CWE-121: Execute unauthorized code or commands

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: active
    • Automatable: yes
    • Technical Impact: total

Additional References

References