Add detection module for CVE-2025-32756 (FortiVoice/FortiMail RCE)

Adds vuln module fortivoice_cve_2025_32756_vuln to detect exposure of
/remote/hostcheck_validate endpoint on Fortinet FortiVoice, FortiMail,
FortiNDR, FortiRecorder and FortiCamera devices.

CVE-2025-32756 is a CVSS 9.8 stack-based buffer overflow allowing
unauthenticated RCE via crafted HTTP requests. Actively exploited in
the wild and listed on CISA KEV catalog.

- Added docs/Modules.md entry
- Fixed reference: (singular) per Nettacker schema
- Fixed condition_type: and to prevent false positives

Closes #1382

Author: Raavi29

docs/Modules.md

@@ -200,6 +200,7 @@ If you want to scan all ports please define -g 1-65535 range. Otherwise Nettacke
 - '**exponent_cms_cve_2021_38751_vuln**' – check the target for Exponent CMS CVE-2021-38751
 - '**f5_cve_2020_5902_vuln**' – check the target for F5 RCE CVE-2020-5902 vulnerability
 - '**forgerock_am_cve_2021_35464_vuln**' – check the target for ForgeRock AM CVE-2021-35464
+- '**fortivoice_cve_2025_32756_vuln**' – check the target for Fortinet FortiVoice/FortiMail/FortiNDR/FortiRecorder/FortiCamera CVE-2025-32756 unauthenticated RCE vulnerability
 - '**galera_webtemp_cve_2021_40960_vuln**' – check the target for Galera WebTemplate CVE-2021-40960
 - '**grafana_cve_2021_43798_vuln**' – check the target for Grafana CVE-2021-43798 vulnerability
 - '**graphql_vuln**' – check the target for exposed GraphQL introspection endpoint

nettacker/modules/vuln/fortivoice_cve_2025_32756.yaml

@@ -0,0 +1,54 @@
+info:
+  name: fortivoice_cve_2025_32756_vuln
+  author: Parneet Kaur
+  severity: 9.8
+  description: >
+    Fortinet FortiVoice, FortiMail, FortiNDR, FortiRecorder and FortiCamera
+    stack-based buffer overflow in /remote/hostcheck_validate allowing
+    unauthenticated remote code execution via crafted HTTP requests.
+    Actively exploited in the wild. CISA KEV listed.
+  reference:
+    - https://nvd.nist.gov/vuln/detail/CVE-2025-32756
+    - https://www.fortiguard.com/psirt/FG-IR-25-254
+    - https://www.cisa.gov/known-exploited-vulnerabilities-catalog
+  profiles:
+    - vuln
+    - http
+    - critical_severity
+    - cve
+    - cve2025
+    - fortinet
+    - fortivoice
+    - cisa_kev
+payloads:
+  - library: http
+    steps:
+      - method: get
+        timeout: 3
+        headers:
+          User-Agent: "{user_agent}"
+        ssl: false
+        url:
+          nettacker_fuzzer:
+            input_format: "{{schema}}://{target}:{{ports}}/remote/hostcheck_validate"
+            prefix: ""
+            suffix: ""
+            interceptors:
+            data:
+              schema:
+                - "http"
+                - "https"
+              ports:
+                - 80
+                - 443
+                - 8080
+                - 8443
+        response:
+          condition_type: and
+          conditions:
+            status_code:
+              regex: "^(200|400|405|500)$"
+              reverse: false
+            content:
+              regex: "(?i)(FortiVoice|FortiMail|FortiNDR|FortiRecorder|FortiCamera|hostcheck)"
+              reverse: false