Ptechhub
  • News
  • Industries
    • Enterprise IT
    • AI & ML
    • Cybersecurity
    • Finance
    • Telco
  • Brand Hub
    • Lifesight
  • Blogs
No Result
View All Result
  • News
  • Industries
    • Enterprise IT
    • AI & ML
    • Cybersecurity
    • Finance
    • Telco
  • Brand Hub
    • Lifesight
  • Blogs
No Result
View All Result
PtechHub
No Result
View All Result

Fortinet Patches CVE-2025-32756 Zero-Day RCE Flaw Exploited in FortiVoice Systems

The Hacker News by The Hacker News
May 14, 2025
Home Cybersecurity
Share on FacebookShare on Twitter


May 14, 2025Ravie LakshmananVulnerability / Network Security

Fortinet has patched a critical security flaw that it said has been exploited as a zero-day in attacks targeting FortiVoice enterprise phone systems.

The vulnerability, tracked as CVE-2025-32756, carries a CVSS score of 9.6 out of 10.0.

“A stack-based overflow vulnerability [CWE-121] in FortiVoice, FortiMail, FortiNDR, FortiRecorder, and FortiCamera may allow a remote unauthenticated attacker to execute arbitrary code or commands via crafted HTTP requests,” the company said in an advisory.

The company said it observed the flaw being exploited in the wild on FortiVoice systems, but did not disclose the scale of the attacks and the identity of the threat actors behind them.

It further noted that the threat actor performed device network scans, erased system crash logs, and enabled fcgi debugging to log credentials from the system or SSH login attempts.

Cybersecurity

The issue affects the following products and versions –

  • FortiCamera 1.1, 2.0 (Migrate to a fixed release)
  • FortiCamera 2.1.x (Upgrade to 2.1.4 or above)
  • FortiMail 7.0.x (Upgrade to 7.0.9 or above)
  • FortiMail 7.2.x (Upgrade to 7.2.8 or above)
  • FortiMail 7.4.x (Upgrade to 7.4.5 or above)
  • FortiMail 7.6.x (Upgrade to 7.6.3 or above)
  • FortiNDR 1.1, 1.2, 1.3, 1.4, 1.5, 7.1 (Migrate to a fixed release)
  • FortiNDR 7.0.x (Upgrade to 7.0.7 or above)
  • FortiNDR 7.2.x (Upgrade to 7.2.5 or above)
  • FortiNDR 7.4.x (Upgrade to 7.4.8 or above)
  • FortiNDR 7.6.x (Upgrade to 7.6.1 or above)
  • FortiRecorder 6.4.x (Upgrade to 6.4.6 or above)
  • FortiRecorder 7.0.x (Upgrade to 7.0.6 or above)
  • FortiRecorder 7.2.x (Upgrade to 7.2.4 or above)
  • FortiVoice 6.4.x (Upgrade to 6.4.11 or above)
  • FortiVoice 7.0.x (Upgrade to 7.0.7 or above)
  • FortiVoice 7.2.x (Upgrade to 7.2.1 or above)

Fortinet said the vulnerability was discovered by its product security team based on the threat actor activity that originated from the below IP addresses –

  • 198.105.127.124
  • 43.228.217.173
  • 43.228.217.82
  • 156.236.76.90
  • 218.187.69.244
  • 218.187.69.59

Users of FortiVoice, FortiMail, FortiNDR, FortiRecorder and FortiCamera are recommended to apply the necessary fixes to secure their devices from active exploitation attempts. If immediate patching is not an option, it’s advised to disable the HTTP/HTTPS administrative interface as a temporary workaround.

Found this article interesting? Follow us on Twitter  and LinkedIn to read more exclusive content we post.





Source link

Tags: computer securitycyber attackscyber newscyber security newscyber security news todaycyber security updatescyber updatesdata breachhacker newshacking newshow to hackinformation securitynetwork securityransomware malwaresoftware vulnerabilitythe hacker news
The Hacker News

The Hacker News

Next Post
Roundtable: Why did customers sail away from VMware? | Computer Weekly

Roundtable: Why did customers sail away from VMware? | Computer Weekly

Recommended.

Toyota Research Institute: La ciencia del comportamiento puede impulsar una mayor reducción de las emisiones de carbono de los vehículos eléctricos

Toyota Research Institute: La ciencia del comportamiento puede impulsar una mayor reducción de las emisiones de carbono de los vehículos eléctricos

September 17, 2025
Cisco Launches New Cisco 360 Partner Program, Built with Partners for the AI Era

Cisco Launches New Cisco 360 Partner Program, Built with Partners for the AI Era

January 26, 2026

Trending.

CELLCOM ISRAEL LTD. Announcement of A Special General Meeting of The Shareholders of The Company

CELLCOM ISRAEL LTD. Announcement of A Special General Meeting of The Shareholders of The Company

May 21, 2025
Veeam Debuts Data Resiliency Maturity Model To Assess, Improve Customers’ Cyber Resiliency

Veeam Debuts Data Resiliency Maturity Model To Assess, Improve Customers’ Cyber Resiliency

April 23, 2025
MocPOGO Easter Special Deals: The Pokémon GO Spoofer You Need for Might and Mastery 2025!

MocPOGO Easter Special Deals: The Pokémon GO Spoofer You Need for Might and Mastery 2025!

April 7, 2025
VNET Wins 40MW Wholesale Order from Leading Internet Company for Its New Strategic IDC Campus

VNET Wins 40MW Wholesale Order from Leading Internet Company for Its New Strategic IDC Campus

September 11, 2025
Insurance Modernization at Risk as Workforce Strategies Fall Behind, Says Info-Tech Research Group

Insurance Modernization at Risk as Workforce Strategies Fall Behind, Says Info-Tech Research Group

May 8, 2026

PTechHub

A tech news platform delivering fresh perspectives, critical insights, and in-depth reporting — beyond the buzz. We cover innovation, policy, and digital culture with clarity, independence, and a sharp editorial edge.

Follow Us

Industries

  • AI & ML
  • Cybersecurity
  • Enterprise IT
  • Finance
  • Telco

Navigation

  • About
  • Advertise
  • Privacy & Policy
  • Contact

Subscribe to Our Newsletter

  • About
  • Advertise
  • Privacy & Policy
  • Contact

Copyright © 2025 | Powered By Porpholio

No Result
View All Result
  • News
  • Industries
    • Enterprise IT
    • AI & ML
    • Cybersecurity
    • Finance
    • Telco
  • Brand Hub
    • Lifesight
  • Blogs

Copyright © 2025 | Powered By Porpholio