Severity
Medium
Analysis Summary
CVE-2025-32756 CVSS:9.8
FortiVoice, FortiMail, FortiNDR, FortiRecorder and FortiCamera are vulnerable to a stack-based buffer overflow. By sending specially crafted HTTP requests, an attacker could exploit this vulnerability to overflow a buffer and execute arbitrary code on the system.
CVE-2025-22859 CVSS:5
A Relative Path Traversal vulnerability in FortiClientEMS and FortiClientEMS Cloud may allow a remote unauthenticated attacker to perform a limited arbitrary file write on the system via upload requests.
CVE-2024-35281 CVSS:2.3
An improper isolation or compartmentalization vulnerability in FortiClientMac and FortiVoiceUCDesktop desktop application may allow an authenticated attacker to inject code via Electron environment variables.
Impact
- Gain Access
- Buffer Overflow
- Code Execution
Indicators of Compromise
CVE
CVE-2025-32756
CVE-2025-22859
CVE-2024-35281
Affected Vendors
- Fortinet
Affected Products
- Fortinet FortiClientMac - 7.4.0 - 7.2.0 - 7.0.0
- Fortinet FortiRecorder - 7.2.0 - 7.0.0 - 6.4.0
- Fortinet FortiVoice - 7.2.0 - 7.0.0 - 6.4.0
- Fortinet FortiMail - 7.6.0 - 7.4.0 - 7.2.0 - 7.0.0
- Fortinet FortiNDR - 7.6.0 - 7.4.0 - 7.2.0 - 7.1.0 - 7.0.0 - 1.5.0 - 1.4.0 - 1.3.0 - 1.2.0 - 1.1.0
- Fortinet FortiCamera - 2.1.0 - 2.0.0 - 1.1.0
- Fortinet FortiClientEMS - 7.4.0
- Fortinet FortiVoiceUCDesktop - 3.0.0
Remediation
Refer to FortiGuard Security Advisory for patch, upgrade or suggested workaround information.