Wednesday, May 14, 2025
Advertisements

FortiVoice 0-Day Vulnerability Exploited to Execute Arbitrary Code

by Charline
written by Charline

Fortinet has disclosed a critical vulnerability (CVE-2025-32756) affecting multiple products in its security portfolio, with confirmed exploitation targeting FortiVoice systems.

The vulnerability, a stack-based buffer overflow, carries a CVSS score of 9.6. It allows unauthenticated remote attackers to execute arbitrary code or commands via specially crafted HTTP requests, potentially giving them full control over the affected devices.

Advertisements

Affected Products and Immediate Action

The flaw impacts FortiVoice, FortiMail, FortiNDR, FortiRecorder, and FortiCamera products across several versions. The vulnerability was discovered after active exploitation was observed in FortiVoice deployments.

Advertisements

Fortinet released security patches on May 13, 2025, addressing the vulnerability in affected products. Customers are urged to update to the latest patched versions immediately. If updates cannot be applied right away, Fortinet recommends disabling HTTP/HTTPS administrative interfaces as a temporary workaround.

Advertisements

Attack Patterns and Indicators of Compromise

Fortinet has documented several attack behaviors, including:

Advertisements
  • Network reconnaissance
  • Erasure of system crash logs to conceal activities
  • Enabling FCGI debugging to capture credentials or log SSH login attempts

Researchers have identified multiple indicators of compromise (IoCs) linked to these attacks, such as suspicious log entries and unauthorized file modifications. Six IP addresses, including 198.105.127.124 and 218.187.69.244, have been connected to the attack.

Previous Vulnerabilities and Ongoing Threats

This attack follows a pattern of vulnerabilities in Fortinet products. Earlier in 2025, a different critical flaw (CVE-2024-55591) was exploited in the wild, and in late 2022, another vulnerability (CVE-2022-40684) was used by cyber-espionage groups.

Security experts stress that network security devices like FortiVoice are high-value targets due to their access to sensitive communications. Organizations using affected Fortinet products should prioritize addressing this vulnerability.

You Might Also Like
Advertisements
blank

Charline is the editor of ProxyServerPro's platform. She is a digital privacy and proxy solutions expert with over 10 years of experience writing and editing content related to online security, browsing solutions, and data protection. Charline has contributed to various tech publications and worked closely with professionals and businesses to enhance their understanding of proxies, internet anonymity, and digital security. Prior to joining ProxyServerPro, she worked at leading digital security firms, where she helped produce educational content aimed at helping users navigate the complexities of the online world with confidence and security.

You may also like

Fortinet Flaw Lets Attackers Bypass Authentication and Take Control of Devices

Marks & Spencer Confirms Customer Data Breach After Major Cyberattack

Scattered Spider Targets UK Retail Sector in Sophisticated Supply Chain Attacks

Critical ASUS DriverHub Flaw Allowed One-Click Remote Code Execution

New Malware “PupkinStealer” Targets Windows Users to Steal Browser Credentials

BEC and FTF Scams Drive Most Cyber Insurance Claims, Coalition Report Finds

blank

At ProxyServerPro, we are dedicated to providing cutting-edge proxy solutions tailored to meet the diverse needs of businesses and individuals. Our platform offers a comprehensive range of high-performance proxies, including residential, datacenter, and mobile options, ensuring seamless browsing, data scraping, and online anonymity. With a focus on reliability, speed, and security, we empower users to navigate the digital landscape with confidence. Whether you’re managing ad verification, market research, or web automation, ProxyServerPro is your trusted partner for scalable, efficient, and secure proxy services. Explore our portal to discover how we can elevate your online experience.

popular recommendation

What is CroxyProxy?
What is a Web Proxy Server? Types, Benefits & Use Cases
What is FoxyProxy? Features, Benefits & Use Cases
11 Nation-State Groups Exploit Microsoft Zero-Day Flaw

Useful Links

TAGS

© 2024 Copyright  proxyserverpro.com