CVE-2025-32756 - Fortinet Multiple Products Stack-Based Buffer Overflow Vulnerability
Project:Fortinet
Product:Multiple Products
Date Added:2025-05-14Due Date:2025-06-04
Vulnerability Name
Fortinet Multiple Products Stack-Based Buffer Overflow Vulnerability
Description
Fortinet FortiFone, FortiVoice, FortiNDR and FortiMail contain a stack-based overflow vulnerability that may allow a remote unauthenticated attacker to execute arbitrary code or commands via crafted HTTP requests.
Known To Be Used in Ransomware Campaigns?
Unknown
Action
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Additional Notes
https://fortiguard.fortinet.com/psirt/FG-IR-25-254
https://nvd.nist.gov/vuln/detail/CVE-2025-32756