Fortinet has patched a critical security flaw that it said has been exploited as a zero-day in attacks targeting FortiVoice enterprise phone systems.
The vulnerability, tracked as CVE-2025-32756, carries a CVSS rating of 9.6 out of 10.0.
“A stack-based overflow vulnerability [CWE-121] in FortiVoice, FortiMail, FortiNDR, FortiRecorder, and FortiCamera may allow a remote unauthenticated attacker to execute arbitrary code or commands via crafted HTTP requests,” the company said in an advisory.
The company said it observed the flaw being exploited in the wild on FortiVoice systems, but did not disclose the scale of the attacks or the identity of the threat actors behind them.
It further noted that the threat actor conducted device network scans, erased system crash logs, and enabled fcgi debugging to log credentials from the system or SSH login attempts.

The issue affects the following products and versions:
- FortiCamera 1.1, 2.0 (Migrate to a fixed release)
- FortiCamera 2.1.x (Upgrade to 2.1.4 or above)
- FortiMail 7.0.x (Upgrade to 7.0.9 or above)
- FortiMail 7.2.x (Upgrade to 7.2.8 or above)
- FortiMail 7.4.x (Upgrade to 7.4.5 or above)
- FortiMail 7.6.x (Upgrade to 7.6.3 or above)
- FortiNDR 1.1, 1.2, 1.3, 1.4, 1.5, 7.1 (Migrate to a fixed release)
- FortiNDR 7.0.x (Upgrade to 7.0.7 or above)
- FortiNDR 7.2.x (Upgrade to 7.2.5 or above)
- FortiNDR 7.4.x (Upgrade to 7.4.8 or above)
- FortiNDR 7.6.x (Upgrade to 7.6.1 or above)
- FortiRecorder 6.4.x (Upgrade to 6.4.6 or above)
- FortiRecorder 7.0.x (Upgrade to 7.0.6 or above)
- FortiRecorder 7.2.x (Upgrade to 7.2.4 or above)
- FortiVoice 6.4.x (Upgrade to 6.4.11 or above)
- FortiVoice 7.0.x (Upgrade to 7.0.7 or above)
- FortiVoice 7.2.x (Upgrade to 7.2.1 or above)
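
The list above turned into an inventory check, added here as an example and not taken from Fortinet or the original article. It compares versions numerically (so 6.4.9 sorts below 6.4.11) and flags branches that have no fix; the inventory, hostnames and status labels are constructed for illustration.

```python
import re

# Fixed-release table transcribed from the list above:
# (product, branch) -> minimum fixed version, or None when the branch has no
# fix and the guidance is to migrate to a fixed release.
FIXED = {
    "FortiCamera": {"1.1": None, "2.0": None, "2.1": "2.1.4"},
    "FortiMail": {"7.0": "7.0.9", "7.2": "7.2.8", "7.4": "7.4.5", "7.6": "7.6.3"},
    "FortiNDR": {"1.1": None, "1.2": None, "1.3": None, "1.4": None, "1.5": None,
                 "7.1": None, "7.0": "7.0.7", "7.2": "7.2.5", "7.4": "7.4.8", "7.6": "7.6.1"},
    "FortiRecorder": {"6.4": "6.4.6", "7.0": "7.0.6", "7.2": "7.2.4"},
    "FortiVoice": {"6.4": "6.4.11", "7.0": "7.0.7", "7.2": "7.2.1"},
}

def parse(version):
    """Turn 'v7.0.10' or '7.0.10 build123' into (7, 0, 10) for numeric comparison."""
    m = re.match(r"\s*v?(\d+)\.(\d+)(?:\.(\d+))?", version)
    if not m:
        raise ValueError(f"unparseable version: {version!r}")
    return tuple(int(g or 0) for g in m.groups())

def triage(product, version):
    """Return (status, action) for one device against the table above."""
    branches = FIXED.get(product)
    if branches is None:
        return ("not-listed", "product is not in the list above")
    v = parse(version)
    branch = f"{v[0]}.{v[1]}"
    if branch not in branches:
        return ("unknown-branch", "branch is not in the list above; check the vendor advisory")
    fixed = branches[branch]
    if fixed is None:
        return ("vulnerable", "migrate to a fixed release")
    if v < parse(fixed):
        return ("vulnerable", f"upgrade to {fixed} or above")
    return ("fixed", "no action")

# Constructed inventory (hostnames and versions are made up for the example).
INVENTORY = [("pbx-01", "FortiVoice", "6.4.9"), ("pbx-02", "FortiVoice", "v6.4.11"),
             ("mail-01", "FortiMail", "7.0.10"), ("ndr-01", "FortiNDR", "7.1.0"),
             ("cam-01", "FortiCamera", "2.1.3 build0421")]

if __name__ == "__main__":
    for host, product, version in INVENTORY:
        status, action = triage(product, version)
        print(f"{host:8} {product:13} {version:16} {status:10} {action}")
```
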
Fortinet said its product security team discovered the vulnerability based on threat actor activity, which originated from a set of IP addresses listed in its advisory.
Users of FortiVoice, FortiMail, FortiNDR, FortiRecorder and FortiCamera are advised to apply the necessary fixes to secure their devices from active exploitation attempts. If immediate patching is not an option, it is recommended to disable the HTTP/HTTPS administrative interface as a temporary workaround.