关联漏洞
标题:
Fortinet多款产品 安全漏洞
(CVE-2025-32756)
描述:Fortinet FortiRecorder等都是美国飞塔(Fortinet)公司的产品。Fortinet FortiRecorder是一套基于Web的网络视频录像机管理系统。Fortinet FortiMail是一套电子邮件安全网关产品。Fortinet FortiVoice是一个统一通信和协作即服务。 Fortinet多款产品存在安全漏洞,该漏洞源于栈缓冲区溢出,可能导致执行任意代码。以下产品及版本受到影响:Fortinet FortiVoice 7.2.0版本、7.0.0至7.0.6版本、6.4.0
介绍
# CVE-2025-32756: Fortinet RCE PoC
A proof-of-concept for the critical stack-based buffer overflow vulnerability (CVE-2025-32756) affecting Fortinet products.
## Vulnerability
- **CVSS**: 9.8 (Critical)
- **Type**: Stack-based buffer overflow in AuthHash cookie processing
- **Impact**: Unauthenticated remote code execution
- **Affected Products**: FortiVoice, FortiMail, FortiNDR, FortiRecorder, FortiCamera
The vulnerability exists in the processing of the `enc` parameter in the `/remote/hostcheck_validate` endpoint, where improper bounds checking allows buffer overflow.
## Usage
```
python3 fortinet_cve_2025_32756_poc.py target_ip [-p port] [-d]
```
### Arguments:
- `target_ip`: Target Fortinet device
- `-p, --port`: Target port (default: 443)
- `-d, --debug`: Enable debug output
## Mitigation
Update to patched versions:
- FortiVoice: 7.2.1+, 7.0.7+, 6.4.11+
- FortiMail: 7.6.3+, 7.4.5+, 7.2.8+, 7.0.9+
- FortiNDR: 7.6.1+, 7.4.8+, 7.2.5+, 7.0.7+
- FortiRecorder: 7.2.4+, 7.0.6+, 6.4.6+
- FortiCamera: 2.1.4+
## Disclaimer
For educational and research purposes only. Use only against systems you own or have permission to test.
文件快照
[4.0K] /data/pocs/1c7a587a2bac0119cbfe46491a0b79299d65edd9
├── [7.2K] fortinet_cve_2025_32756_poc.py
├── [1.1K] README.md
└── [ 34] requirements.txt
0 directories, 3 files
备注
1. 建议优先通过来源进行访问。
2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。