Fortinet Products Multiple Vulnerabilities

Release Date: 14 May 2025

RISK: Extremely High Risk

TYPE: Operating Systems - Networks OS

Multiple vulnerabilities were identified in Fortinet Products. A remote attacker could exploit some of these vulnerabilities to trigger denial of service condition, elevation of privilege, remote code execution, sensitive information disclosure and data manipulation on the targeted system.

Note:

CVE-2025-32756 is being exploited in the wild. A remote unauthenticated attacker can exploit this stack-based overflow vulnerability to execute arbitrary code or commands via crafted HTTP requests.

Impact

Denial of Service
Elevation of Privilege
Remote Code Execution
Information Disclosure
Data Manipulation

System / Technologies affected

FortiCamera 1.1 all versions
FortiCamera 2.0 all versions
FortiCamera 2.1.0 through 2.1.3
FortiClientEMS 7.4.0 through 7.4.1
FortiClientEMS Cloud 7.4.0 through 7.4.1
FortiClientMac 7.0 all versions
FortiClientMac 7.2.0 through 7.2.8
FortiClientMac 7.4.0 through 7.4.2
FortiClientWindows 7.2.0 through 7.2.1
FortiMail 7.0.0 through 7.0.8
FortiMail 7.2.0 through 7.2.7
FortiMail 7.4.0 through 7.4.4
FortiMail 7.6.0 through 7.6.2
FortiManager 7.0.0 through 7.0.7
FortiManager 7.2.0 through 7.2.1
FortiNDR 1.1 all versions
FortiNDR 1.2 all versions
FortiNDR 1.3 all versions
FortiNDR 1.4 all versions
FortiNDR 1.5 all versions
FortiNDR 7.0.0 through 7.0.6
FortiNDR 7.1 all versions
FortiNDR 7.2.0 through 7.2.4
FortiNDR 7.4.0 through 7.4.7
FortiNDR 7.6.0
FortiOS 6.4 all versions
FortiOS 7.0.0 through 7.0.14
FortiOS 7.2.0 through 7.2.7
FortiOS 7.4.0 through 7.4.3
FortiRecorder 6.4.0 through 6.4.5
FortiRecorder 7.0.0 through 7.0.5
FortiRecorder 7.2.0 through 7.2.3
FortiVoice 6.4.0 through 6.4.10
FortiVoice 7.0.0 through 7.0.6
FortiVoice 7.2.0

Solutions

Before installation of the software, please visit the vendor web-site for more details.

Apply fixes issued by the vendor:

Vulnerability Identifier

Source

Fortinet

2025年5月14日星期三