VDB

CISA-2025-32756

CISA-2025-32756 PUBLISHED CVSS 9.6 CRITICAL

Reported by fortinet · Published May 13, 2025

A stack-based buffer overflow vulnerability [CWE-121] vulnerability in Fortinet FortiCamera 2.1.0 through 2.1.3, FortiCamera 2.0 all versions, FortiCamera 1.1 all versions, FortiMail 7.6.0 through 7.6.2, FortiMail 7.4.0 through 7.4.4, FortiMail 7.2.0 through 7.2.7, FortiMail 7.0.0 through 7.0.8, FortiNDR 7.6.0, FortiNDR 7.4.0 through 7.4.7, FortiNDR 7.2.0 through 7.2.4, FortiNDR 7.0.0 through 7.0.6, FortiRecorder 7.2.0 through 7.2.3, FortiRecorder 7.0.0 through 7.0.5, FortiRecorder 6.4.0 through 6.4.5, FortiVoice 7.2.0, FortiVoice 7.0.0 through 7.0.6, FortiVoice 6.4.0 through 6.4.10 allows a remote unauthenticated attacker to execute arbitrary code or commands via sending HTTP requests with specially crafted hash cookie.

Risk Scores

CVSS 3.1
9.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:X/RC:C

Affected Products

VendorProductVersions
FortinetFortiNDR7.6.0, 7.4.0, 7.2.0
FortinetFortiCamera2.1.0, 2.0.0, 1.1.0
FortinetFortiRecorder7.2.0, 7.0.0, 6.4.0
FortinetFortiVoice7.2.0, 7.0.0, 6.4.0
FortinetFortiMail7.6.0, 7.4.0, 7.2.0
FortinetFortiCamera1.1.0, 2.0.0, 2.1.0
FortinetFortiNDR1.1.0, 7.0.0, 7.1.0
FortinetFortiRecorder6.4.0, 7.0.0, 7.2.0
FortinetFortiMail7.2.0, 7.6.0, 7.2.0
FortinetFortiVoice6.4.0, 7.0.0, 7.2.0

Timeline

  • May 13, 2025 CVE Published
  • Jan 15, 2026 CVE Updated
Open in Interactive Console →
$ Console Community · 100/wk Open console ›