Skip to content

Add vulnerability detection module for CVE-2025-32756 (Fortivoice/FortiMail RCE) #1502

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed
Raavi29 wants to merge 6 commits into from
+390 −555
Closed

Add vulnerability detection module for CVE-2025-32756 (Fortivoice/FortiMail RCE) #1502

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
6 commits
Select commit Hold shift + click to select a range
a69c715
Add unit tests for is_weak_hash_algo in ssl module
Raavi29 Mar 25, 2026
d947eb6
Move test file to mirror package structure (tests/core/lib/test_ssl.py)
Raavi29 Mar 25, 2026
12550d0
Fix header comment path and remove unused import
Raavi29 Mar 25, 2026
85f9f91
Add tests for nettacker/core/ip.py - 61 tests, 83% coverage
Raavi29 Mar 25, 2026
abb916e
Add detection module for CVE-2025-32756 (FortiVoice/FortiMail RCE)
Raavi29 Apr 4, 2026
0a5ccba
Trigger CI re-run
Raavi29 Apr 10, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions docs/Modules.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -200,6 +200,7 @@ If you want to scan all ports please define -g 1-65535 range. Otherwise Nettacke
- '**exponent_cms_cve_2021_38751_vuln**' – check the target for Exponent CMS CVE-2021-38751
- '**f5_cve_2020_5902_vuln**' – check the target for F5 RCE CVE-2020-5902 vulnerability
- '**forgerock_am_cve_2021_35464_vuln**' – check the target for ForgeRock AM CVE-2021-35464
- '**fortivoice_cve_2025_32756_vuln**' – check the target for Fortinet FortiVoice/FortiMail/FortiNDR/FortiRecorder/FortiCamera CVE-2025-32756 unauthenticated RCE vulnerability
- '**galera_webtemp_cve_2021_40960_vuln**' – check the target for Galera WebTemplate CVE-2021-40960
- '**grafana_cve_2021_43798_vuln**' – check the target for Grafana CVE-2021-43798 vulnerability
- '**graphql_vuln**' – check the target for exposed GraphQL introspection endpoint
Expand Down
54 changes: 54 additions & 0 deletions nettacker/modules/vuln/fortivoice_cve_2025_32756.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,54 @@
info:
name: fortivoice_cve_2025_32756_vuln
author: Parneet Kaur
severity: 9.8
description: >
Fortinet FortiVoice, FortiMail, FortiNDR, FortiRecorder and FortiCamera
stack-based buffer overflow in /remote/hostcheck_validate allowing
unauthenticated remote code execution via crafted HTTP requests.
Actively exploited in the wild. CISA KEV listed.
reference:
- https://nvd.nist.gov/vuln/detail/CVE-2025-32756
- https://www.fortiguard.com/psirt/FG-IR-25-254
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog
profiles:
- vuln
- http
- critical_severity
- cve
- cve2025
- fortinet
- fortivoice
Comment thread
Raavi29 marked this conversation as resolved.
- cisa_kev
payloads:
- library: http
steps:
- method: get
timeout: 3
headers:
User-Agent: "{user_agent}"
ssl: false
url:
nettacker_fuzzer:
input_format: "{{schema}}://{target}:{{ports}}/remote/hostcheck_validate"
prefix: ""
suffix: ""
interceptors:
data:
schema:
- "http"
- "https"
ports:
- 80
- 443
- 8080
- 8443
response:
condition_type: and
conditions:
status_code:
regex: "^(200|400|405|500)$"
reverse: false
content:
regex: "(?i)(FortiVoice|FortiMail|FortiNDR|FortiRecorder|FortiCamera|hostcheck)"
reverse: false
Comment thread
Raavi29 marked this conversation as resolved.
Loading