Initiatieven voor
Als nationale autoriteit voor cyberveiligheid heeft het CCB verschillende initiatieven ontwikkeld voor specifieke doelgroepen die hier worden gepresenteerd.
Warning: CVE-2025-32756 Buffer Overflow Vulnerability in Fortinet FortiVoice, FortiMail, FortiNDR, FortiRecorder, and FortiCamera, leading to Unauthenticated Remote Code Execution, Patch Immediately!
Image
Gepubliceerd : 14/05/2025
- Last update: 14/05/2025
- Affected software:
→ FortiMail versions 7.6.0 through 7.6.2, 7.4.0 through 7.4.4, 7.2.0 through 7.2.7, 7.0.0 through 7.0.8
→ FortiRecorder versions 7.2.0 through 7.2.3, 7.0.0 through 7.0.5, 6.4.0 through 6.4.5
→ FortiVoice versions 7.2.0, 7.0.0 through 7.0.6, 6.4.0 through 6.4.10
→ FortiNDR versions 7.6.0, 7.4.0 through 7.4.7, 7.2.0 through 7.2.4, 7.0.0 through 7.0.6
→ FortiCamera versions 2.1.0 through 2.1.3, 2.0 all versions, 1.1 all versions- Type:
→ Stack-based Buffer Overflow- CVE/CVSS:
→ CVE-2025-32756: CVSS 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H))
Sources
https://fortiguard.fortinet.com/psirt/FG-IR-25-254
Risks
CVE-2025-32756 is a critical vulnerability that allows a remote unauthenticated attacker to execute arbitrary code, which is exploited in the wild. Exploiting this flaw could allow unauthorized access to sensitive systems, potentially exposing confidential data, altering system behaviour, or disrupting services, posing a direct threat to the confidentiality, integrity, and availability of affected Fortinet products.
FortiVoice, FortiMail, FortiNDR, FortiRecorder, and FortiCamera are specialized security and communication solutions developed by Fortinet. FortiVoice provides secure VoIP; FortiMail offers advanced email protection; FortiNDR delivers AI-driven network threat detection and response; FortiRecorder serves as a network video recorder for managing surveillance footage; and FortiCamera comprises a suite of IP-based cameras designed for physical security integration.
Description
CVE-2025-32756 is a stack-based buffer overflow vulnerability that allows a remote, unauthenticated attacker to execute arbitrary code or commands via sending HTTP requests with a specially crafted hash cookie. This Remote Code Execution (RCE) could result in complete system compromise, data theft, or malware installation.
Recommended Actions
Patch
The Centre for Cybersecurity Belgium strongly recommends installing updates for vulnerable devices with the highest priority, after thorough testing.
Monitor/Detect
The CCB recommends organizations upscale monitoring and detection capabilities to identify any related suspicious activity, ensuring a swift response in case of an intrusion.
In case of an intrusion, you can report an incident via: https://ccb.belgium.be/cert/report-incident.
While patching appliances or software to the newest version may provide safety from future exploitation, it does not remediate historic compromise.