All the vulnerabilites related to Fortinet - FortiCamera
cve-2025-32756
Vulnerability from cvelistv5
Published
2025-05-13 14:46
Modified
2025-05-15 04:01
Severity ?
EPSS score ?
Summary
A stack-based buffer overflow vulnerability [CWE-121] in Fortinet FortiVoice versions 7.2.0, 7.0.0 through 7.0.6, 6.4.0 through 6.4.10, FortiRecorder versions 7.2.0 through 7.2.3, 7.0.0 through 7.0.5, 6.4.0 through 6.4.5, FortiMail versions 7.6.0 through 7.6.2, 7.4.0 through 7.4.4, 7.2.0 through 7.2.7, 7.0.0 through 7.0.8, FortiNDR versions 7.6.0, 7.4.0 through 7.4.7, 7.2.0 through 7.2.4, 7.0.0 through 7.0.6, FortiCamera versions 2.1.0 through 2.1.3, 2.0 all versions, 1.1 all versions, allows a remote unauthenticated attacker to execute arbitrary code or commands via sending HTTP requests with specially crafted hash cookie.
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-32756",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-13T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2025-05-14",
"reference": "https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json"
},
"type": "kev"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-15T04:01:16.758Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"timeline": [
{
"lang": "en",
"time": "2025-05-14T00:00:00+00:00",
"value": "CVE-2025-32756 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:fortinet:fortivoice:7.2.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortivoice:7.0.6:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortivoice:7.0.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortivoice:7.0.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortivoice:7.0.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortivoice:7.0.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortivoice:7.0.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortivoice:7.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortivoice:6.4.10:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortivoice:6.4.9:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortivoice:6.4.8:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortivoice:6.4.7:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortivoice:6.4.6:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortivoice:6.4.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortivoice:6.4.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortivoice:6.4.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortivoice:6.4.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortivoice:6.4.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortivoice:6.4.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "FortiVoice",
"vendor": "Fortinet",
"versions": [
{
"status": "affected",
"version": "7.2.0"
},
{
"lessThanOrEqual": "7.0.6",
"status": "affected",
"version": "7.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.4.10",
"status": "affected",
"version": "6.4.0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:fortinet:fortirecorder:7.2.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortirecorder:7.2.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortirecorder:7.2.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortirecorder:7.2.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortirecorder:7.0.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortirecorder:7.0.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortirecorder:7.0.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortirecorder:7.0.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortirecorder:7.0.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortirecorder:7.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortirecorder:6.4.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortirecorder:6.4.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortirecorder:6.4.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortirecorder:6.4.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortirecorder:6.4.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortirecorder:6.4.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "FortiRecorder",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "7.2.3",
"status": "affected",
"version": "7.2.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.0.5",
"status": "affected",
"version": "7.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.4.5",
"status": "affected",
"version": "6.4.0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:fortinet:fortimail:7.6.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:7.6.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:7.6.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:7.4.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:7.4.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:7.4.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:7.4.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:7.4.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:7.2.7:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:7.2.6:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:7.2.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:7.2.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:7.2.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:7.2.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:7.2.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:7.2.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:7.0.8:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:7.0.7:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:7.0.6:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:7.0.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:7.0.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:7.0.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:7.0.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:7.0.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:7.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "FortiMail",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "7.6.2",
"status": "affected",
"version": "7.6.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.4.4",
"status": "affected",
"version": "7.4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.2.7",
"status": "affected",
"version": "7.2.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.0.8",
"status": "affected",
"version": "7.0.0",
"versionType": "semver"
}
]
},
{
"cpes": [],
"defaultStatus": "unaffected",
"product": "FortiNDR",
"vendor": "Fortinet",
"versions": [
{
"status": "affected",
"version": "7.6.0"
},
{
"lessThanOrEqual": "7.4.7",
"status": "affected",
"version": "7.4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.2.4",
"status": "affected",
"version": "7.2.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.1.1",
"status": "affected",
"version": "7.1.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.0.6",
"status": "affected",
"version": "7.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "1.5.3",
"status": "affected",
"version": "1.5.0",
"versionType": "semver"
},
{
"status": "affected",
"version": "1.4.0"
},
{
"lessThanOrEqual": "1.3.1",
"status": "affected",
"version": "1.3.0",
"versionType": "semver"
},
{
"status": "affected",
"version": "1.2.0"
},
{
"status": "affected",
"version": "1.1.0"
}
]
},
{
"cpes": [
"cpe:2.3:a:fortinet:forticamera:2.1.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticamera:2.1.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticamera:2.1.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticamera:2.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticamera:2.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticamera:1.1.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticamera:1.1.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticamera:1.1.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticamera:1.1.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticamera:1.1.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticamera:1.1.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "FortiCamera",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "2.1.3",
"status": "affected",
"version": "2.1.0",
"versionType": "semver"
},
{
"status": "affected",
"version": "2.0.0"
},
{
"lessThanOrEqual": "1.1.5",
"status": "affected",
"version": "1.1.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A stack-based buffer overflow vulnerability [CWE-121] in Fortinet FortiVoice versions 7.2.0, 7.0.0 through 7.0.6, 6.4.0 through 6.4.10, FortiRecorder versions 7.2.0 through 7.2.3, 7.0.0 through 7.0.5, 6.4.0 through 6.4.5, FortiMail versions 7.6.0 through 7.6.2, 7.4.0 through 7.4.4, 7.2.0 through 7.2.7, 7.0.0 through 7.0.8, FortiNDR versions 7.6.0, 7.4.0 through 7.4.7, 7.2.0 through 7.2.4, 7.0.0 through 7.0.6, FortiCamera versions 2.1.0 through 2.1.3, 2.0 all versions, 1.1 all versions, allows a remote unauthenticated attacker to execute arbitrary code or commands via sending HTTP requests with specially crafted hash cookie."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:X/RC:C",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "Execute unauthorized code or commands",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-13T14:46:44.208Z",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"name": "https://fortiguard.fortinet.com/psirt/FG-IR-25-254",
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-25-254"
}
],
"solutions": [
{
"lang": "en",
"value": "Please upgrade to FortiVoice version 7.2.1 or above \nPlease upgrade to FortiVoice version 7.0.7 or above \nPlease upgrade to FortiVoice version 6.4.11 or above \nPlease upgrade to FortiRecorder version 7.2.4 or above \nPlease upgrade to FortiRecorder version 7.0.6 or above \nPlease upgrade to FortiRecorder version 6.4.6 or above \nPlease upgrade to FortiMail version 7.6.3 or above \nPlease upgrade to FortiMail version 7.4.5 or above \nPlease upgrade to FortiMail version 7.2.8 or above \nPlease upgrade to FortiMail version 7.0.9 or above \nPlease upgrade to FortiNDR version 7.6.1 or above \nPlease upgrade to FortiNDR version 7.4.8 or above \nPlease upgrade to FortiNDR version 7.2.5 or above \nPlease upgrade to FortiNDR version 7.0.7 or above \nPlease upgrade to FortiCamera version 2.1.4 or above"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2025-32756",
"datePublished": "2025-05-13T14:46:44.208Z",
"dateReserved": "2025-04-10T08:12:12.347Z",
"dateUpdated": "2025-05-15T04:01:16.758Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}