CVE-2025-32756

**CVE-2025-32756 (Fortinet)** — A critical stack-based overflow affecting FortiVoice, FortiCamera, FortiMail, FortiNDR, and FortiRecorder enables unauthenticated remote code execution via crafted HTTP requests; Fortinet confirms exploitation in the wild (observed against FortiVoice) and has published fixes and IoCs. Arctic Wolf strongly recommends upgrading to listed fixed versions or disabling the HTTP/HTTPS admin interface as a temporary workaround; observed post-exploitation behavior includes malware deployment, credential theft via cron jobs, and network reconnaissance.