Fortinet Confirms Active Exploitation of Critical Flaw in FortiVoice Phone Systems
By Netvora Tech News
Fortinet, a leading cybersecurity company, has confirmed that attackers are actively exploiting a critical vulnerability in its FortiVoice phone system. The vulnerability, identified as CVE-2025-32756, is a stack-based overflow that allows attackers to execute code or commands on the affected system.
FortiVoice is a communication platform that offers phone, chat, fax, and conferencing capabilities. The vulnerability lies in the platform's code and lets attackers compromise the system, after which they can perform network scans, delete crash logs, and enable debugging mode to record login credentials or SSH login attempts.
Fortinet has published several Indicators of Compromise (IOCs) that detail the activities of attackers on compromised systems, as well as the IP addresses, modified files, and configurations used in the attacks.
Wider Impact
The vulnerability is not limited to FortiVoice; it is also present in other Fortinet products, including FortiCamera, FortiMail, FortiNDR, and FortiRecorder. However, Fortinet has only observed exploitation of the vulnerability in FortiVoice systems.
The severity of the vulnerability has been rated 9.6 out of 10, indicating its high impact. Organizations are advised to update to the latest version of FortiVoice as soon as possible to mitigate the risk of exploitation.
Workaround
As a temporary measure, Fortinet recommends disabling the HTTP/HTTPS admin interface to prevent attackers from exploiting the vulnerability.
- Fortinet has confirmed active exploitation of the vulnerability.
- The vulnerability is a stack-based overflow that enables attackers to execute code or commands on the affected system.
- The vulnerability is present in multiple Fortinet products, but exploitation has only been observed in FortiVoice systems.
- The severity of the vulnerability has been rated 9.6 out of 10.
- Organizations are advised to update to the latest version of FortiVoice as soon as possible.