ID

VAR-202505-1884


CVE

CVE-2025-32756


TITLE

Stack-based buffer overflow vulnerability in multiple Fortinet products

Trust: 0.8

sources: JVNDB: JVNDB-2025-005271

DESCRIPTION

A stack-based buffer overflow vulnerability [CWE-121] in Fortinet FortiVoice versions 7.2.0, 7.0.0 through 7.0.6, 6.4.0 through 6.4.10, FortiRecorder versions 7.2.0 through 7.2.3, 7.0.0 through 7.0.5, 6.4.0 through 6.4.5, FortiMail versions 7.6.0 through 7.6.2, 7.4.0 through 7.4.4, 7.2.0 through 7.2.7, 7.0.0 through 7.0.8, FortiNDR versions 7.6.0, 7.4.0 through 7.4.7, 7.2.0 through 7.2.4, 7.0.0 through 7.0.6, FortiCamera versions 2.1.0 through 2.1.3, 2.0 all versions, 1.1 all versions, allows a remote unauthenticated attacker to execute arbitrary code or commands by sending HTTP requests with a specially crafted hash cookie. Multiple Fortinet products, including FortiMail, FortiNDR and FortiRecorder firmware, contain stack-based buffer overflow and out-of-bounds write vulnerabilities. Information may be obtained or tampered with, and the product may be put into a denial-of-service (DoS) state.

Trust: 1.62

sources: NVD: CVE-2025-32756 // JVNDB: JVNDB-2025-005271

AFFECTED PRODUCTS

vendor: fortinet, model: fortivoice, scope: lt, version: 6.4.11

Trust: 1.0

vendor: fortinet, model: fortindr, scope: gte, version: 7.0.0

Trust: 1.0

vendor: fortinet, model: forticamera, scope: lt, version: 2.4.0

Trust: 1.0

vendor: fortinet, model: fortindr, scope: eq, version: 7.6.0

Trust: 1.0

vendor: fortinet, model: fortindr, scope: lt, version: 7.4.8

Trust: 1.0

vendor: fortinet, model: fortimail, scope: gte, version: 7.6.0

Trust: 1.0

vendor: fortinet, model: fortindr, scope: eq, version: 7.1.1

Trust: 1.0

vendor: fortinet, model: fortirecorder, scope: lt, version: 6.4.6

Trust: 1.0

vendor: fortinet, model: fortivoice, scope: lt, version: 7.0.7

Trust: 1.0

vendor: fortinet, model: forticamera, scope: gte, version: 1.1.0

Trust: 1.0

vendor: fortinet, model: fortindr, scope: gte, version: 7.4.0

Trust: 1.0

vendor: fortinet, model: fortindr, scope: gte, version: 7.2.0

Trust: 1.0

vendor: fortinet, model: fortimail, scope: lt, version: 7.6.3

Trust: 1.0

vendor: fortinet, model: fortindr, scope: eq, version: 1.2.0

Trust: 1.0

vendor: fortinet, model: fortindr, scope: lt, version: 7.0.7

Trust: 1.0

vendor: fortinet, model: fortimail, scope: gte, version: 7.0.0

Trust: 1.0

vendor: fortinet, model: fortivoice, scope: gte, version: 6.4.0

Trust: 1.0

vendor: fortinet, model: fortivoice, scope: eq, version: 7.2.0

Trust: 1.0

vendor: fortinet, model: fortimail, scope: gte, version: 7.4.0

Trust: 1.0

vendor: fortinet, model: fortindr, scope: eq, version: 7.1.0

Trust: 1.0

vendor: fortinet, model: fortirecorder, scope: lt, version: 7.0.6

Trust: 1.0

vendor: fortinet, model: fortivoice, scope: gte, version: 7.0.0

Trust: 1.0

vendor: fortinet, model: fortimail, scope: gte, version: 7.2.0

Trust: 1.0

vendor: fortinet, model: fortindr, scope: eq, version: 1.3.0

Trust: 1.0

vendor: fortinet, model: fortirecorder, scope: gte, version: 6.4.0

Trust: 1.0

vendor: fortinet, model: fortimail, scope: lt, version: 7.4.5

Trust: 1.0

vendor: fortinet, model: fortirecorder, scope: gte, version: 7.0.0

Trust: 1.0

vendor: fortinet, model: fortirecorder, scope: lt, version: 7.2.4

Trust: 1.0

vendor: fortinet, model: fortindr, scope: eq, version: 1.5.0

Trust: 1.0

vendor: fortinet, model: fortindr, scope: lt, version: 7.2.5

Trust: 1.0

vendor: fortinet, model: fortindr, scope: eq, version: 1.1.0

Trust: 1.0

vendor: fortinet, model: forticamera, scope: lte, version: 1.1.5

Trust: 1.0

vendor: fortinet, model: fortindr, scope: eq, version: 1.4.0

Trust: 1.0

vendor: fortinet, model: fortirecorder, scope: gte, version: 7.2.0

Trust: 1.0

vendor: fortinet, model: fortimail, scope: lt, version: 7.0.9

Trust: 1.0

vendor: fortinet, model: fortimail, scope: lt, version: 7.2.8

Trust: 1.0

vendor: fortinet, model: forticamera, scope: gte, version: 2.0.0

Trust: 1.0

vendor: Fortinet, model: fortimail, scope: -, version: -

Trust: 0.8

vendor: Fortinet, model: fortivoice, scope: -, version: -

Trust: 0.8

vendor: Fortinet, model: fortirecorder, scope: -, version: -

Trust: 0.8

vendor: Fortinet, model: forticamera, scope: -, version: -

Trust: 0.8

vendor: Fortinet, model: fortindr, scope: -, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2025-005271 // NVD: CVE-2025-32756

CVSS

SEVERITY

CVSSV2

CVSSV3

psirt@fortinet.com: CVE-2025-32756
value: CRITICAL

Trust: 1.0

nvd@nist.gov: CVE-2025-32756
value: CRITICAL

Trust: 1.0

NVD: CVE-2025-32756
value: CRITICAL

Trust: 0.8

psirt@fortinet.com: CVE-2025-32756
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 2.0

NVD: CVE-2025-32756
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2025-005271 // NVD: CVE-2025-32756 // NVD: CVE-2025-32756

PROBLEMTYPE DATA

problemtype:CWE-121

Trust: 1.0

problemtype:CWE-787

Trust: 1.0

problemtype: Stack-based buffer overflow (CWE-121) [others]

Trust: 0.8

problemtype: Out-of-bounds write (CWE-787) [NVD evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2025-005271 // NVD: CVE-2025-32756

PATCH

title: FG-IR-25-254, url: https://fortiguard.fortinet.com/psirt/FG-IR-25-254

Trust: 0.8

sources: JVNDB: JVNDB-2025-005271

EXTERNAL IDS

db: NVD, id: CVE-2025-32756

Trust: 2.6

db: JVNDB, id: JVNDB-2025-005271

Trust: 0.8

sources: JVNDB: JVNDB-2025-005271 // NVD: CVE-2025-32756

REFERENCES

url:https://fortiguard.fortinet.com/psirt/fg-ir-25-254

Trust: 1.0

url:https://nvd.nist.gov/vuln/detail/cve-2025-32756

Trust: 0.8

url:https://www.cisa.gov/known-exploited-vulnerabilities-catalog

Trust: 0.8

sources: JVNDB: JVNDB-2025-005271 // NVD: CVE-2025-32756

SOURCES

db: JVNDB, id: JVNDB-2025-005271
db: NVD, id: CVE-2025-32756

LAST UPDATE DATE

2025-05-22T22:49:16.272000+00:00


SOURCES UPDATE DATE

db: JVNDB, id: JVNDB-2025-005271, date: 2025-05-20T00:50:00
db: NVD, id: CVE-2025-32756, date: 2025-05-16T19:41:05.917

SOURCES RELEASE DATE

db: JVNDB, id: JVNDB-2025-005271, date: 2025-05-20T00:00:00
db: NVD, id: CVE-2025-32756, date: 2025-05-13T15:15:57.113