CVE-2025-32756: FortiVoice Zero-Day Exploit Alert

SUMMARY :

A critical zero-day vulnerability (CVE-2025-32756) in multiple Fortinet products, including FortiVoice, has been actively exploited. The flaw is a stack-based buffer overflow that allows remote code execution without authentication. Attackers can gain full control of affected systems, access sensitive data, and pivot to other internal networks. The vulnerability stems from an enabled fcgi debugging option, which is not a default setting. Fortinet has released patches and recommends immediate action. Detection methods include checking for enabled fcgi debugging and monitoring specific log entries. The threat actor has been observed conducting network scans, deleting crash logs, and enabling FCGI debugging to capture credentials.

OPENCTI LABELS :

zero-day,fortinet,patch,fortivoice,remote-code-execution,credential-capture,cve-2025-32756,network-scan,buffer-overflow


Open in NetmanageIT OpenCTI Public Instance with below link!


Use public read only username and password on login page.

NOTE : Use Public READ only user credentials on login page banner.


CVE-2025-32756: FortiVoice Zero-Day Exploit Alert