CVE-2025-32756CRITICAL 9.8CISA KEVEPSS p98.0%
CVE-2025-32756Fortinet Multiple Products Stack-Based Buffer Overflow Vulnerability
Fortinet / Multiple Products
Description
Fortinet FortiFone, FortiVoice, FortiNDR and FortiMail contain a stack-based overflow vulnerability that may allow a remote unauthenticated attacker to execute arbitrary code or commands via crafted HTTP requests.
Scoring
| CVSS 3.1 | 9.8 (CRITICAL) |
| Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| EPSS | 30.13% probability of exploitation · percentile 98.0% · 2026-06-18T12:00:27Z |
| Published | 2025-05-13 |
| Last modified | 2026-01-14 |
CISA KEV entry
Added to KEV: 2025-05-14
Underlying weaknesses· 2
References
2
| Type | Target | Confidence | Tier |
|---|---|---|---|
| Weakness | Stack-based Buffer Overflowcwe-121 | 0% | live |
| Weakness | Out-of-bounds Writecwe-787 | 0% | live |
(incoming)1
| Type | Target | Confidence | Tier |
|---|---|---|---|
| KEVEntry | Fortinet Multiple Products Stack-Based Buffer Overflow Vulnerabilitykev-cve-2025-32756 | 0% | live |
Related by meaning· 6
Nearest entities by semantic similarity across the cs-graph corpus.