⚠ Actively exploited
Added to CISA KEV on 2025-05-14. Federal agencies required to patch by 2025-06-04. Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable..
CVE-2025-32756
Severity
9.8CRITICAL
EPSS
41.6%
top 2.59%
CISA KEV
KEV
Added 2025-05-14
Due 2025-06-04
Exploit
No known exploits
Affected products
Timeline
PublishedMay 13
KEV addedMay 14
KEV dueJun 4
Latest updateJun 13
CISA Required Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Description
A stack-based buffer overflow vulnerability [CWE-121] vulnerability in Fortinet FortiCamera 2.1.0 through 2.1.3, FortiCamera 2.0 all versions, FortiCamera 1.1 all versions, FortiMail 7.6.0 through 7.6.2, FortiMail 7.4.0 through 7.4.4, FortiMail 7.2.0 through 7.2.7, FortiMail 7.0.0 through 7.0.8, FortiNDR 7.6.0, FortiNDR 7.4.0 through 7.4.7, FortiNDR 7.2.0 through 7.2.4, FortiNDR 7.0.0 through 7.0.6, FortiRecorder 7.2.0 through 7.2.3, FortiRecorder 7.0.0 through 7.0.5, FortiRecorder 6.4.0 through…
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9
Affected Packages10 packages
🔴Vulnerability Details
3🔍Detection Rules
1Suricata▶
ET WEB_SPECIFIC_APPS Fortinet Admin API Stack-based Buffer Overflow in AuthHash Cookie (CVE-2025-32756)↗2025-06-13