Fortinet Patches CVE-2025-32756 Zero-Day RCE Flaw Exploited in FortiVoice Systems

Source: The Hacker News
Published: 2025-05-14 04:21
Fetched: 2025-05-14 05:17

Summary

Fortinet has addressed a critical zero-day vulnerability, CVE-2025-32756, in its FortiVoice enterprise phone systems. The flaw, which has a CVSS score of 9.6, is a stack-based overflow (CWE-121) that could allow remote unauthenticated attackers to execute arbitrary code. It also affects other Fortinet products, including FortiMail, FortiNDR, FortiRecorder, and FortiCamera. The exploitation of this flaw underscores the importance of timely patch management, particularly in systems handling sensitive communications. Fortinet's swift response highlights the ongoing challenges in securing enterprise communication systems against sophisticated threats. Organizations using these products are urged to apply the patches immediately to mitigate potential risks.

LinkedIn Post

Fortinet patches critical zero-day CVE-2025-32756 in FortiVoice systems, preventing remote code execution. A reminder of the importance of timely updates in safeguarding enterprise communications. #CyberSecurity #ZeroDay #Fortinet #PatchManagement

Content

Fortinet has patched a critical security flaw that it said has been exploited as a zero-day in attacks targeting FortiVoice enterprise phone systems. The vulnerability, tracked as CVE-2025-32756, carries a CVSS score of 9.6 out of 10.0. "A stack-based overflow vulnerability [CWE-121] in FortiVoice, FortiMail, FortiNDR, FortiRecorder, and FortiCamera may allow a remote unauthenticated attacker to