Fortinet多款产品(如FortiCamera、FortiMail等)存在堆栈溢出漏洞(CVE-2025-32756),攻击者可利用该漏洞通过管理API实现未认证的远程代码执行。已观察到攻击者清除系统日志并启用调试以窃取凭证或监控登录尝试。建议用户及时更新至最新版本并检查妥协迹象。 2025-5-23 15:12:10 Author: horizon3.ai(查看原文) 阅读量:48 收藏
Fortinet Multiple Products Stack-Based Buffer Overflow Vulnerability
A critical vulnerability, CVE-2025-32756, has been identified in various Fortinet products, including FortiCamera, FortiMail, FortiNDR, FortiRecorder, and FortiVoice. Threat actors are actively exploiting this stack-based buffer overflow in the administrative API to achieve unauthenticated remote code execution. The vulnerability was added to the CISA KEV catalog on May 14, 2025.
In observed exploitation cases, threat actors have performed operations such as scanning the device network, erasing system crashlogs, and enabling fcgi debugging to log credentials or SSH login attempts. Because Fortinet solutions are often deployed on-premises, the onus is on the users to apply security measures. Failure to promptly update and patch systems significantly increases the risk of compromise.
Mitigations
- Follow the vendor’s guidance for updating to the latest version.
- Post-mitigation check for indicators of compromise.
Rapid Response N-Day Testing
🔗 CVE-2025-32756: Low-Rise Jeans are Back and so are Buffer Overflows
Read about other CVEs
NodeZero® Platform
Implement a continuous find, fix, and verify loop with NodeZero
The NodeZero® platform empowers your organization to reduce your security risks by autonomously finding exploitable weaknesses in your network, giving you detailed guidance around how to priortize and fix them, and having you immediately verify that your fixes are effective.
Recognized By
如有侵权请联系:admin#unsafe.sh