PoC Published For Fortinet 0-Day Vulnerability That Is Being Exploited in the Wild

Security researchers have published a detailed proof-of-concept (PoC) analysis for a critical zero-day vulnerability affecting multiple Fortinet products, as threat actors continue to actively exploit the flaw in real-world attacks.
The vulnerability, tracked as CVE-2025-32756, represents a significant security risk with a CVSS score of 9.6 out of 10.
The vulnerability is a stack-based buffer overflow in the administrative API that allows remote unauthenticated attackers to execute arbitrary code through specially crafted HTTP requests.
The flaw affects five major Fortinet product lines: FortiVoice, FortiMail, FortiNDR, FortiRecorder, and FortiCamera across multiple versions.
Vulnerability Under Active Exploitation
Detailed technical analysis published by horizon3 security researchers reveals that the vulnerability stems from improper bounds checking during the processing of APSCOOKIE values in the cookieval_unwrap() function within the libhttputil.so library.

The researchers discovered that while patched versions include size checks limiting AuthHash values, vulnerable versions allow attackers to overflow a 16-byte output buffer and overwrite critical stack values, including the return address.
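To make the bug class concrete, the following is an added illustration, not Fortinet's code and not taken from the horizon3 analysis. It shows a hypothetical cookie-field decoder that fills a 16-byte output buffer from an attacker-controlled AuthHash value with no length check, beside a hardened version that validates the field length before writing. The cookie layout (an `AuthHash=<hex>` field separated by `&`), the function names, and the hex encoding are assumptions made for the example.

```c
// Added illustration of the bug class described above: a fixed-size stack
// buffer filled from an untrusted cookie field without a length check, next
// to a hardened decoder. Not Fortinet's code; the cookie format, hex
// encoding and function names are hypothetical.
#include <stddef.h>
#include <string.h>

#define AUTHHASH_LEN 16   /* output buffer size the article describes */

/* Decode one hex digit; returns -1 for a non-hex character. */
static int hexval(char c) {
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1;
}

/* Vulnerable pattern: decodes hex pairs until the input ends, with no bound
 * on how many bytes are written. A value longer than 2*AUTHHASH_LEN hex
 * digits overruns the caller's 16-byte buffer. Shown for contrast only. */
static size_t unwrap_authhash_unchecked(const char *src,
                                        unsigned char out[AUTHHASH_LEN]) {
    size_t n = 0;
    while (src[0] != '\0' && src[1] != '\0') {
        int hi = hexval(src[0]), lo = hexval(src[1]);
        if (hi < 0 || lo < 0) break;
        out[n++] = (unsigned char)((hi << 4) | lo);   /* no check on n */
        src += 2;
    }
    return n;
}

/* Hardened pattern: the field must be exactly 2*AUTHHASH_LEN hex digits, so
 * the output buffer can never be overrun. Returns 0 on success, -1 otherwise. */
static int unwrap_authhash_checked(const char *src, size_t src_len,
                                   unsigned char out[AUTHHASH_LEN]) {
    if (src == NULL || src_len != 2 * AUTHHASH_LEN) return -1;
    for (size_t i = 0; i < AUTHHASH_LEN; i++) {
        int hi = hexval(src[2 * i]), lo = hexval(src[2 * i + 1]);
        if (hi < 0 || lo < 0) return -1;
        out[i] = (unsigned char)((hi << 4) | lo);
    }
    return 0;
}

/* Locate the hypothetical "AuthHash=" field in a cookie string and decode it
 * with the hardened routine. Returns 0 on success, -1 if the field is
 * missing, the wrong length, or not valid hex. */
int parse_cookie_authhash(const char *cookie, unsigned char out[AUTHHASH_LEN]) {
    const char *p = strstr(cookie, "AuthHash=");
    if (p == NULL) return -1;
    p += strlen("AuthHash=");
    size_t len = strcspn(p, "&");   /* field ends at '&' or end of string */
    return unwrap_authhash_checked(p, len, out);
}
```

The hardened version fails closed: an AuthHash that is too long, too short, or contains non-hex characters is rejected before a single byte is written, which is the property a patch for this class of flaw has to establish. In a code review, a decoder that walks an input until a terminator while writing into a fixed-size buffer, as the unchecked version does, is the pattern to flag.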
Fortinet confirmed that threat actors have been actively exploiting this vulnerability in the wild, specifically targeting FortiVoice unified communication systems.
The company’s Product Security Team discovered the exploitation through observed threat activity that included network scanning, credential harvesting, and log file manipulation.
According to Fortinet’s indicators of compromise (IoCs), attackers have been observed conducting device network scans, erasing system crash logs, and enabling ‘fcgi debugging’ to capture authentication attempts, including SSH logins. The threat actors have also deployed malware and established cron jobs for ongoing credential theft.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added CVE-2025-32756 to its Known Exploited Vulnerabilities (KEV) catalog on May 14, 2025, just one day after Fortinet’s initial advisory. This designation requires federal agencies to remediate the vulnerability by June 4, 2025, highlighting the urgency of the threat.
The rapid addition to the KEV catalog reflects the severity of active exploitation and the potential for widespread impact across enterprise environments that rely on Fortinet’s security and communication infrastructure.
Immediate Patching Required
Security experts strongly recommend immediate upgrades to fixed versions across all affected products. For organizations unable to immediately patch, Fortinet provides a workaround involving disabling the HTTP/HTTPS administrative interface.
The affected product versions require updates to specific fixed releases: FortiVoice systems should upgrade to versions 7.2.1, 7.0.7, or 6.4.11, depending on the current branch, while FortiMail requires updates to 7.6.3, 7.4.5, 7.2.8, or 7.0.9.
This marks the eighteenth Fortinet vulnerability to be added to CISA’s KEV list, demonstrating the continued targeting of Fortinet products by threat actors.
The combination of active exploitation, technical PoC availability, and the critical nature of affected enterprise infrastructure creates an urgent security situation requiring immediate attention from organizations using these products.
Given the ease of exploitation and availability of technical details, security professionals anticipate additional threat actors may begin targeting vulnerable systems in the coming days.
The post PoC Published For Fortinet 0-Day Vulnerability That Is Being Exploited in the Wild appeared first on Cyber Security News.