FortiCamera - RCE (CVE-2025-32756)

CVE-2025-32756 is a high-severity vulnerability affecting several Fortinet products, where a stack-based buffer overflow can be triggered by remote, unauthenticated attackers. Exploitation can lead to arbitrary code or command execution through crafted HTTP requests leveraging a vulnerable handler.

CrowdSec has been tracking this vulnerability and its exploits since 26th of May 2025.

CrowdSec network data shows that most actors exploiting CVE-2025-32756 rely on broad, untargeted scans with minimal filtering. The activity is largely automated and opportunistic in nature. Telemetry from the CrowdSec network also shows that exploitation activity for CVE-2025-32756 remains steady week-over-week. Attack volumes are consistent with long-term trends, indicating sustained interest from threat actors. CVE-2025-32756 continues to be an active part of the threat landscape and will likely remain this way for the forseeable future.

Identified exploitation attempts would focus on requests targeting the /module/admin.fe URL.

Exploitation

Get real-time information about exploitation attempts and actors involved.

Detected IPs

Discover the IPs that targeted this vulnerability across the CrowdSec Network.

・

Protection

Find out relevant information to protect your stack against this CVE.

Blocklist

With our advanced worldwide network detection, CrowdSec can provide a list of IPs known for exploiting the vulnerability.

To increase your protection against this CVE, block exploitation attempts with this list of identified actors.

FortiCamera - RCE (CVE-2025-32756)

Exploitation

Detected IPs

Protection

Blocklist

References