Fortinet fixes critical zero-day exploited in FortiVoice attacks
Published on: 2025-07-12 16:46:39
Fortinet released security updates to patch a critical remote code execution vulnerability exploited as a zero-day in attacks targeting FortiVoice enterprise phone systems.
The security flaw is a stack-based overflow vulnerability tracked as CVE-2025-32756 that also impacts FortiMail, FortiNDR, FortiRecorder, and FortiCamera.
As the company explains in a security advisory issued on Tuesday, successful exploitation can allow remote unauthenticated attackers to execute arbitrary code or commands via maliciously crafted HTTP requests.
Fortinet's Product Security Team discovered CVE-2025-32756 based on attackers' activity, including network scans, deletion of system crash logs to cover their tracks, and 'fcgi debugging' being toggled on to log credentials from the system or SSH login attempts.
As detailed in today's security advisory, the threat actors have launched attacks from half a dozen IP addresses, including 198.105.127[.]124, 43.228.217[.]173, 43.228.217[.]82, 156.236.76[.]90, 218.