CISA: ‘Critical’ Fortinet Vulnerability In Multiple Products Seeing Exploitation
The remote code execution flaw impacts products including FortiVoice, FortiMail, FortiNDR, FortiRecorder and FortiCamera.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) confirmed Wednesday that a critical-severity vulnerability impacting multiple Fortinet products has seen exploitation in cyberattacks.
The cybersecurity vendor had disclosed Tuesday that the remote code execution flaw (tracked as CVE-2025-32756) impacts FortiVoice, FortiMail, FortiNDR, FortiRecorder and FortiCamera. Attackers have used the vulnerability to compromise one of the products, the FortiVoice unified communications platform, Fortinet said Tuesday.
“Fortinet has observed this [vulnerability] to be exploited in the wild on FortiVoice,” the company had said.
The vendor released patches for the flaw Tuesday. The company’s advisory “provided mitigation guidance, including a workaround and patch update, and recommended next steps,” Fortinet said in a statement to CRN Wednesday.
The advisory from CISA issued Wednesday did not provide further specifics on which products have been impacted in attacks exploiting the vulnerability.
The stack-based overflow vulnerability has received a rating of “critical,” with a severity score of 9.6 out of 10.0. On Wednesday, the vulnerability was added to CISA’s catalog of vulnerabilities known to have seen exploitation.
“These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise,” CISA wrote in its advisory.
While the order only applies to Federal Civilian Executive Branch agencies, CISA “strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of [such] vulnerabilities as part of their vulnerability management practice,” the agency said.
The vulnerability can enable “a remote unauthenticated attacker to execute arbitrary code or commands via crafted HTTP requests,” Fortinet said in its advisory Tuesday.
In its statement Wednesday, Fortinet said that it has “proactively communicated to customers” about the flaw via its PSIRT Advisory process, and that it seeks to balance the needs for security and transparency through its disclosures.