Fortinet has issued patches for a critical zero-day vulnerability that has already been exploited in targeted attacks against its FortiVoice enterprise phone systems. The flaw, identified as CVE-2025-32756, carries a CVSS severity score of 9.6 out of 10, making it one of the most urgent security issues facing users of Fortinet products this year.
This high-risk bug is a stack-based buffer overflow vulnerability (CWE-121) that allows unauthenticated remote attackers to execute arbitrary commands by sending crafted HTTP requests. It affects several Fortinet products, including FortiVoice, FortiMail, FortiNDR, FortiRecorder, and FortiCamera.
Fortinet confirmed that threat actors have actively exploited the bug in the wild, specifically on FortiVoice systems. The attackers were seen scanning networks, deleting system crash logs, and enabling fcgi debugging to capture login credentials from the system or from SSH login attempts. However, the company has not disclosed the full extent of the attacks or identified the groups behind them.
Patch Now or Disable Admin Interfaces
The vulnerability affects a wide range of firmware versions across multiple product lines. Fortinet strongly recommends users upgrade to the following patched versions:
- FortiVoice: Upgrade to 6.4.11, 7.0.7, or 7.2.1 and above
- FortiMail: Upgrade to 7.0.9, 7.2.8, 7.4.5, or 7.6.3 and above
- FortiNDR: Upgrade to 7.0.7, 7.2.5, 7.4.8, or 7.6.1 and above
- FortiRecorder: Upgrade to 6.4.6, 7.0.6, or 7.2.4 and above
- FortiCamera: Upgrade to version 2.1.4 or higher
For versions that require migration rather than a simple update, users should consult Fortinet’s full advisory.
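An added example, not from Fortinet or the original article: a branch-aware check of installed versions against the fixed releases listed above, since a plain "lower than the newest fix" comparison misreports older branches that have their own fix. Host names and inventory rows are constructed, and a branch with no listed fix is flagged for the advisory rather than guessed.

```python
# Added example: triage installed versions against the fixed releases above.
# First fixed patch level per product, keyed by (major, minor) branch.
FIXED = {
    "FortiVoice":    {(6, 4): 11, (7, 0): 7, (7, 2): 1},
    "FortiMail":     {(7, 0): 9, (7, 2): 8, (7, 4): 5, (7, 6): 3},
    "FortiNDR":      {(7, 0): 7, (7, 2): 5, (7, 4): 8, (7, 6): 1},
    "FortiRecorder": {(6, 4): 6, (7, 0): 6, (7, 2): 4},
    "FortiCamera":   {(2, 1): 4},
}

# Constructed sample inventory: (host, product, installed version).
INVENTORY = [
    ("pbx-01", "FortiVoice", "7.0.6"),
    ("pbx-02", "FortiVoice", "7.0.8"),
    ("mail-01", "FortiMail", "7.4.5"),
    ("cam-01", "FortiCamera", "2.0.0"),
]


def triage(product, version):
    """Return (status, detail) for one installed product/version pair."""
    branches = FIXED.get(product)
    if branches is None:
        return ("not-listed", "product not in the affected list")
    try:
        major, minor, patch = (int(p) for p in version.split("."))
    except ValueError:
        return ("unparsed", "expected MAJOR.MINOR.PATCH")
    branch = (major, minor)
    if branch in branches:
        fixed_patch = branches[branch]
        if patch >= fixed_patch:
            return ("patched", f"at or above {major}.{minor}.{fixed_patch}")
        return ("vulnerable", f"upgrade to {major}.{minor}.{fixed_patch} or above")
    if branch > max(branches):
        # "and above" in the list covers branches newer than the last fix.
        return ("patched", "branch newer than every listed fix")
    # Older or in-between branch: the list gives no in-branch fix.
    return ("check-advisory", "no fix listed for this branch; may require migration")


if __name__ == "__main__":
    for host, product, version in INVENTORY:
        status, detail = triage(product, version)
        print(f"{host:8} {product:14} {version:8} {status:15} {detail}")
```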
If patching is not immediately possible, Fortinet advises disabling the HTTP/HTTPS administrative interface as a temporary workaround to reduce risk.
The company attributed the detection of this vulnerability to its internal product security team, which began investigating after observing suspicious activity originating from the following IP addresses:
- 198.105.127.124
- 43.228.217.173
- 43.228.217.82
- 156.236.76.90
- 218.187.69.244
- 218.187.69.59
Organizations using FortiVoice, FortiMail, FortiNDR, FortiRecorder, or FortiCamera are urged to act quickly, as this Fortinet zero-day vulnerability is already being used in the wild. Timely patching or mitigation is essential to prevent system compromise.