- Last update: 14/05/2025
- Affected software:
→ FortiMail versions 7.6.0 through 7.6.2, 7.4.0 through 7.4.4, 7.2.0 through 7.2.7, 7.0.0 through 7.0.8
→ FortiRecorder versions 7.2.0 through 7.2.3, 7.0.0 through 7.0.5, 6.4.0 through 6.4.5
→ FortiVoice versions 7.2.0, 7.0.0 through 7.0.6, 6.4.0 through 6.4.10
→ FortiNDR versions 7.6.0, 7.4.0 through 7.4.7, 7.2.0 through 7.2.4, 7.0.0 through 7.0.6
→ FortiCamera versions 2.1.0 through 2.1.3, 2.0 all versions, 1.1 all versions
- Type:
→ Stack-based Buffer Overflow
- CVE/CVSS:
→ CVE-2025-32756: CVSS 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
https://fortiguard.fortinet.com/psirt/FG-IR-25-254
CVE-2025-32756 is a critical vulnerability, exploited in the wild, that allows a remote unauthenticated attacker to execute arbitrary code. Exploiting this flaw could allow unauthorized access to sensitive systems, potentially exposing confidential data, altering system behaviour, or disrupting services, posing a direct threat to the confidentiality, integrity, and availability of affected Fortinet products.
FortiVoice, FortiMail, FortiNDR, FortiRecorder, and FortiCamera are specialized security and communication solutions developed by Fortinet. FortiVoice provides secure VoIP; FortiMail offers advanced email protection; FortiNDR delivers AI-driven network threat detection and response; FortiRecorder serves as a network video recorder for managing surveillance footage; and FortiCamera comprises a suite of IP-based cameras designed for physical security integration.
Update: 2025-05-22
A proof of concept is publicly available. When a proof of concept is released, more threat actors are able to use it to compromise victims. As a result, it is expected that exploitation of this vulnerability will go up.
CVE-2025-32756 is a stack-based buffer overflow vulnerability that allows a remote, unauthenticated attacker to execute arbitrary code or commands by sending HTTP requests with a specially crafted hash cookie. This Remote Code Execution (RCE) could result in complete system compromise, data theft, or malware installation.
Patch
The Centre for Cybersecurity Belgium strongly recommends installing updates for vulnerable devices with the highest priority, after thorough testing.
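To prioritise patching, an inventory can be checked against the affected ranges listed above. The following is an added example, not code from the CCB or Fortinet; the inventory, hostnames and function names are constructed for illustration. Versions are compared numerically, because a string comparison would wrongly place 6.4.9 above 6.4.10.

```python
import re

# Inclusive (low, high) ranges transcribed from the "Affected software" list above.
# A two-part bound such as "2.0" stands for "all versions" of that branch.
AFFECTED = {
    "FortiMail": [("7.6.0", "7.6.2"), ("7.4.0", "7.4.4"), ("7.2.0", "7.2.7"), ("7.0.0", "7.0.8")],
    "FortiRecorder": [("7.2.0", "7.2.3"), ("7.0.0", "7.0.5"), ("6.4.0", "6.4.5")],
    "FortiVoice": [("7.2.0", "7.2.0"), ("7.0.0", "7.0.6"), ("6.4.0", "6.4.10")],
    "FortiNDR": [("7.6.0", "7.6.0"), ("7.4.0", "7.4.7"), ("7.2.0", "7.2.4"), ("7.0.0", "7.0.6")],
    "FortiCamera": [("2.1.0", "2.1.3"), ("2.0", "2.0"), ("1.1", "1.1")],
}

def parse(version):
    """Turn '7.4.3', 'v7.4.3' or '7.4.3-build0456' into a tuple of ints."""
    m = re.match(r"\s*v?(\d+(?:\.\d+)+)", version)
    if not m:
        raise ValueError(f"unparseable version: {version!r}")
    return tuple(int(p) for p in m.group(1).split("."))

def status(product, version):
    """Return 'affected', 'not listed' or 'unknown product' for one inventory entry."""
    ranges = AFFECTED.get(product)
    if ranges is None:
        return "unknown product"
    v = parse(version)
    for low, high in ranges:
        lo, hi = parse(low), parse(high)
        if len(v) < len(lo):
            raise ValueError(f"need the full version, got {version!r}")
        # Compare only as many components as the bound has, so (2, 0, 5) matches "2.0".
        if lo <= v[:len(lo)] <= hi:
            return "affected"
    return "not listed"

# Constructed sample inventory (hostnames and versions are made up for the example).
INVENTORY = [
    ("mail-gw-01", "FortiMail", "7.4.4"),
    ("voice-01", "FortiVoice", "6.4.9"),
    ("voice-02", "FortiVoice", "6.4.11"),
    ("cam-lobby", "FortiCamera", "2.0.5"),
    ("ndr-01", "FortiNDR", "7.6.1"),
]

def triage(inventory):
    return {host: status(product, version) for host, product, version in inventory}

if __name__ == "__main__":
    for host, result in triage(INVENTORY).items():
        print(f"{host}: {result}")
```

A result of "not listed" only means the version falls outside the ranges in this advisory; it says nothing about whether the device was compromised before it was updated.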
Monitor/Detect
The CCB recommends organizations upscale monitoring and detection capabilities to identify any related suspicious activity, ensuring a swift response in case of an intrusion.
In case of an intrusion, you can report an incident via: https://ccb.belgium.be/cert/report-incident.
While patching appliances or software to the newest version may provide safety from future exploitation, it does not remediate historic compromise.