SB20250513104 - Remote code execution in Fortinet products
Published: May 13, 2025
Updated: June 13, 2025
Security Bulletin ID: SB20250513104
Severity: Critical
Patch available: YES
Number of vulnerabilities: 1
Exploitation vector: Remote access
Highest impact: Code execution
Description
This security bulletin contains information about 1 security vulnerability.
1) Stack-based buffer overflow (CVE-ID: CVE-2025-32756)
The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
The vulnerability exists due to a stack-based buffer overflow in the API. A remote unauthenticated attacker can execute arbitrary code or commands via crafted HTTP requests.
Note: this vulnerability is being actively exploited in the wild against FortiVoice instances.
Remediation
Install the update from the vendor's website.