Unrated severityCISA KEVNVD Advisory· Published May 13, 2025· Updated Feb 26, 2026

CVE-2025-32756

Description

A stack-based buffer overflow vulnerability [CWE-121] vulnerability in Fortinet FortiCamera 2.1.0 through 2.1.3, FortiCamera 2.0 all versions, FortiCamera 1.1 all versions, FortiMail 7.6.0 through 7.6.2, FortiMail 7.4.0 through 7.4.4, FortiMail 7.2.0 through 7.2.7, FortiMail 7.0.0 through 7.0.8, FortiNDR 7.6.0, FortiNDR 7.4.0 through 7.4.7, FortiNDR 7.2.0 through 7.2.4, FortiNDR 7.0.0 through 7.0.6, FortiRecorder 7.2.0 through 7.2.3, FortiRecorder 7.0.0 through 7.0.5, FortiRecorder 6.4.0 through 6.4.5, FortiVoice 7.2.0, FortiVoice 7.0.0 through 7.0.6, FortiVoice 6.4.0 through 6.4.10 allows a remote unauthenticated attacker to execute arbitrary code or commands via sending HTTP requests with specially crafted hash cookie.

Affected products

Fortinet/FortiCamerav5
cpe:2.3:a:fortinet:forticamera:2.1.3:*:*:*:*:*:*:*
Range: 2.1.0
Fortinet/Fortimailv5
cpe:2.3:a:fortinet:fortimail:7.6.2:*:*:*:*:*:*:*
Range: 7.6.0
Fortinet/Fortindrv5
cpe:2.3:a:fortinet:fortindr:7.6.0:*:*:*:*:*:*:*
Range: 7.6.0
Fortinet/FortiRecorderv5
cpe:2.3:a:fortinet:fortirecorder:7.2.3:*:*:*:*:*:*:*
Range: 7.2.0
Fortinet/Fortivoicev5
cpe:2.3:a:fortinet:fortivoice:7.2.0:*:*:*:*:*:*:*
Range: 7.2.0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

fortiguard.fortinet.com/psirt/FG-IR-25-254mitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.033
exploit	0.000
kev	0.120
patch	0.000
ransomware	0.000