CRITICAL🚩 CISA KEV⚡ EXPLOIT🇵🇱 Wersja polska

CVE-2025-32756

CVSS 9.8v3.1pub. 2025-05-13upd. 2026-01-14

A stack-based buffer overflow vulnerability [CWE-121] vulnerability in Fortinet FortiCamera 2.1.0 through 2.1.3, FortiCamera 2.0 all versions, FortiCamera 1.1 all versions, FortiMail 7.6.0 through 7.6.2, FortiMail 7.4.0 through 7.4.4, FortiMail 7.2.0 through 7.2.7, FortiMail 7.0.0 through 7.0.8, FortiNDR 7.6.0, FortiNDR 7.4.0 through 7.4.7, FortiNDR 7.2.0 through 7.2.4, FortiNDR 7.0.0 through 7.0.6, FortiRecorder 7.2.0 through 7.2.3, FortiRecorder 7.0.0 through 7.0.5, FortiRecorder 6.4.0 through 6.4.5, FortiVoice 7.2.0, FortiVoice 7.0.0 through 7.0.6, FortiVoice 6.4.0 through 6.4.10 allows a remote unauthenticated attacker to execute arbitrary code or commands via sending HTTP requests with specially crafted hash cookie.

🤖 AI Analysis
How it works

An attacker sends a specially crafted HTTP request containing a maliciously constructed hash cookie value. Improper handling of this value causes a stack-based buffer overflow (CWE-121 / CWE-787), which enables overwriting of process memory areas. The attack does not require any authentication or user interaction — network access to the vulnerable HTTP interface is sufficient.

Impact

Successful exploitation of the vulnerability allows an attacker to execute arbitrary code or system commands with the privileges of the vulnerable process, which in practice means complete takeover of the device.

Mitigation & patch

Immediately apply patches available from the manufacturer in accordance with the official Fortinet security advisory (FG-IR-25-254) available at https://fortiguard.fortinet.com/psirt/FG-IR-25-254. Until the patch is implemented, consider restricting access to HTTP interfaces of vulnerable devices to trusted IP addresses only and increase monitoring of network traffic.

Who is affected

FortiCamera 1.1 (all versions), FortiCamera 2.0 (all versions), FortiCamera 2.1.0–2.1.3; FortiMail 7.0.0–7.0.8, 7.2.0–7.2.7, 7.4.0–7.4.4, 7.6.0–7.6.2; FortiNDR 7.0.0–7.0.6, 7.2.0–7.2.4, 7.4.0–7.4.7, 7.6.0; FortiRecorder 6.4.0–6.4.5, 7.0.0–7.0.5, 7.2.0–7.2.3; FortiVoice 6.4.0–6.4.10, 7.0.0–7.0.6, 7.2.0

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Fortinet Forticamera

    HW
    Fortinet
    wszystkie wersje
  • Fortinet Forticamera Firmware

    OS
    Fortinet
    1.1.0 – 1.1.52.0.0 – 2.1.3
  • Fortinet Fortimail

    APP
    Fortinet
    7.6.0 – 7.6.3 (bez)7.0.0 – 7.0.9 (bez)7.2.0 – 7.2.8 (bez)7.4.0 – 7.4.5 (bez)
  • Fortinet Fortindr

    APP
    Fortinet
    1.1.01.2.01.3.01.4.01.5.07.1.07.1.17.6.07.0.0 – 7.0.7 (bez)7.4.0 – 7.4.8 (bez)7.2.0 – 7.2.5 (bez)
  • Fortinet Fortirecorder

    APP
    Fortinet
    6.4.0 – 6.4.6 (bez)7.0.0 – 7.0.6 (bez)7.2.0 – 7.2.4 (bez)
  • Fortinet Fortivoice

    APP
    Fortinet
    7.2.06.4.0 – 6.4.11 (bez)7.0.0 – 7.0.7 (bez)

CISA KEV — detailsi

Vendori
Fortinet
Producti
Multiple Products
Added to KEVi
May 14, 2025
Remediation deadline (US Federal)i
June 4, 2025(overdue)
Required action (CISA)i

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

CISA descriptioni

Fortinet FortiFone, FortiVoice, FortiNDR and FortiMail contain a stack-based overflow vulnerability that may allow a remote unauthenticated attacker to execute arbitrary code or commands via crafted HTTP requests.

🔴
IMMEDIATE ACTION
Actively exploited in the wild (CISA KEV). Patch immediately.
CISA DEADLINE: 4 czerwca 2025
Tags
RCEAuth BypassMemory
CWE
References

Related vulnerabilities

CVE-2023-47539CRITICAL9.8PL ✓ten sam produkt

FortiMail: Pominięcie uwierzytelnienia admina przez RADIUS i remote_wildcard

CVE-2021-36166CRITICAL9.8ten sam produkt

An improper authentication vulnerability in FortiMail before 7.0.1 may allow a remote attacker to efficiently ...

CVE-2021-24007CRITICAL9.8ten sam produkt

Multiple improper neutralization of special elements of SQL commands vulnerabilities in FortiMail before 6.4.4...

CVE-2020-9294CRITICAL9.8ten sam produkt

An improper authentication vulnerability in FortiMail 5.4.10, 6.0.7, 6.2.2 and earlier and FortiVoiceEntrepris...

CVE-2025-53681HIGH7.2ten sam produkt

An improper neutralization of special elements used in an SQL Command ("SQL Injection&") vulnerability [CWE-89...