Cyber999 Advisories

Overview Contact Advisories Incident Statistics
Share this page :
26 May 2025     Advisory

MA-1334.052025: MyCERT Advisory - Critical Stack - Based Buffer Overflow Vulnerability in Fortinet Products

1.0 Introduction
Recently, Fortinet has released security updates to address a critical stack-based overflow vulnerability affecting several Fortinet products FortiVoice, FotiMail, FortiNDR, FortiRecorder, and FortiCamera.

2.0 Impact
This vulnerability allows remote unauthenticated attackers to execute arbitrary code or system commands through crafted HTTP requests. Fortinet has confirmed in-the-wild exploitation involving system reconnaissance, log wiping, credential harvesting, and malicious file installation.

3.0 Affected Products

Version Affected
FortiCamera 2.12.1.0 through 2.1.3
FortiCamera 2.02.0 all versions
FortiCamera 1.11.1 all versions
FortiMail 7.67.6.0 through 7.6.2
FortiMail 7.47.4.0 through 7.4.4
FortiMail 7.27.2.0 through 7.2.7
FortiMail 7.07.0.0 through 7.0.8
FortiNDR 7.67.6.0
FortiNDR 7.47.4.0 through 7.4.7
FortiNDR 7.27.2.0 through 7.2.4
FortiNDR 7.17.1 all versions
FortiNDR 7.07.0.0 through 7.0.6
FortiNDR 1.51.5 all versions
FortiNDR 1.41.4 all versions
FortiNDR 1.31.3 all versions
FortiNDR 1.21.2 all versions
FortiNDR 1.11.1 all versions
FortiRecorder 7.27.2.0 through 7.2.3
FortiRecorder 7.07.0.0 through 7.0.5
FortiRecorder 6.46.4.0 through 6.4.5
FortiVoice 7.27.2.0
FortiVoice 7.07.0.0 through 7.0.6
FortiVoice 6.46.4.0 through 6.4.10


4.0 Recommendations
CyberSecurity Malaysia encourages users and administrators to review the Fortinet Security Updates for Multiple Products and apply necessary updates. Kindly refer to the following URL: 

Generally, we advise the users of the devices to be updated with the latest security announcements by the vendor and follow best practice security policies to determine which updates should be applied.

For further enquiries, please contact us through the following channels:

E-mail: cyber999[at]cybersecurity.my 
Phone: 1-300-88-2999 (monitored during business hours) 
Mobile: +60 19 2665850 (24x7 call incident reporting) 
Business Hours: Mon - Fri 08:30 -17:30 MYT 
Web: https://www.mycert.org.my 

5.0 References

Search
Type
Archives
logo
CyberSecurity Malaysia is the national cyber security specialist agency under the purview of the Ministry of Digital (KD)
 
Select User Category
Contact Us

  • CyberSecurity Malaysia,
    Level 7 Tower 1, Menara Cyber Axis, Jalan Impact,
    63000 Cyberjaya, Selangor Darul Ehsan, Malaysia.

  • enquiry@cybersecurity.my

  • +603 - 8800 7999

  • +603 - 8008 7000

COPYRIGHT © CYBERSECURITY MALAYSIA

CONTACT US | DISCLAIMER | PERSONAL DATA PROTECTION NOTICE | SITEMAP

TOP
ASK Byte
Chatbot Portal

Hi, I am ASK Byte. Please submit your questions about the portal and I will try to get answers from online knowledge stores.

Hi, Saya Admin Chatbot. Saya sedia chat dengan anda secara terus. Bagaimana saya boleh membantu anda?

Click the button below to interact with the CSM chatbot

Proceed