A critical security vulnerability, CVE-2025-32756, affects several Fortinet products, including FortiVoice, FortiRecorder, FortiNDR, FortiMail, and FortiCamera. It has been assigned a CVSS score of 9.6, an exceptionally high severity level that calls for urgent remediation.
CVE-2025-32756 has been actively exploited in the wild, primarily against FortiVoice appliances, and exploitation does not require any form of authentication. This raises substantial concerns for enterprise security.
The vulnerability permits remote code execution: attackers can execute arbitrary code or commands simply by sending crafted HTTP requests, which drastically increases the likelihood of a successful breach. The lack of authentication makes matters worse, allowing threat actors to exploit these systems with ease. Observed threat activity involved network scanning, credential logging, and log file wiping.
Incidents have demonstrated that compromised systems could lead to data theft or unauthorized modification, depending on the privileges associated with the exploited user accounts. If the flaw is exploited, attackers could gain complete control over affected systems, leading to a cascade of security failures.
Fortinet has recognized the critical nature of CVE-2025-32756 and has released patches for the affected products. Users are strongly urged to update to the fixed versions without delay.
As a temporary safeguard, Fortinet recommends disabling the HTTP(S) administration interface. The seriousness of the vulnerability is reflected in its inclusion in the U.S. Cybersecurity and Infrastructure Security Agency’s list of known exploited vulnerabilities, which underscores the heightened risk to organizations that rely on affected Fortinet products.