May 13, 2025 By Zeljka Zorz
Fortinet has patched a critical vulnerability (CVE-2025-32756) that has been exploited in the wild to compromise FortiVoice phone / conferencing systems, the company’s product security incident response team has revealed on Tuesday.
About CVE-2025-32756
CVE-2025-32756 is a stack-based overflow vulnerability that can lead to remote code and command execution by unauthenticated attackers. To trigger it, they only need to send a specially crafted HTTP request to a specific API.
According to the Fortinet PSIRT, the threat actor has used it to perform scans of the device network, erase system crashlogs, enable “fcgi debugging” setting to log credentials from the system or SSH login attempts, and drop malware.
