Fortinet has fixed a critical remote code execution zero-day vulnerability, CVE-2025-32756, actively exploited in attacks targeting FortiVoice enterprise phone systems.
The vulnerability affects FortiVoice, FortiMail, FortiNDR, FortiRecorder, and FortiCamera, allowing remote unauthenticated attackers to execute arbitrary code via malicious HTTP requests.
Threat actors exploiting the flaw scanned networks, erased crash logs, and deployed malware on compromised servers. They also added credential-stealing cron jobs and used scripts to scan victim networks.
Fortinet recommends disabling the HTTP/HTTPS administrative interface as a workaround. The attackers were identified as using several IP addresses and as enabling the 'fcgi debugging' setting on compromised systems.