Fortinet Patches Critical Security Flaw Exploited in Zero-Day Attacks

Fortinet has addressed a critical security flaw that was exploited as a zero-day vulnerability in attacks targeting FortiVoice enterprise phone systems. The vulnerability, listed under the number CVE-2025-32756, has a CVSS score of 9.6 out of 10.0. It is a stack-based buffer overflow vulnerability [CWE-121] in FortiVoice, FortiMail, FortiNDR, FortiRecorder, and FortiCamera, which could allow an unauthenticated remote attacker to execute arbitrary code.