Security Incident Response Team
NetmanageIT OpenCTI - opencti.netmanageit.com

SUMMARY:
A critical vulnerability in various Fortinet products allows remote attackers to execute arbitrary code via crafted HTTP requests. Observed exploitation on FortiVoice involved network scanning, erasing system logs, and enabling fcgi debugging to capture credentials. Affected products include FortiVoice, FortiMail, FortiNDR, FortiRecorder, and FortiCamera across multiple versions. The threat actor used specific IP addresses and modified system files and settings. Indicators of compromise include added malicious files, modified cron jobs, and altered configuration files. Fortinet recommends upgrading to patched versions or disabling the HTTP/HTTPS administrative interface as a workaround.
OPENCTI LABELS:
remote code execution, credential theft, buffer overflow, network scanning, fortivoice, cve-2025-32756, fortindr, forticamera, fortimail, log manipulation, fortirecorder