{"$ref":"https://www.cert.ssi.gouv.fr/openapi.json","affected_systems":[{"description":"FortiMail versions 7.4.x ant\u00e9rieures \u00e0 7.4.5","product":{"name":"FortiMail","vendor":{"name":"Fortinet","scada":false}}},{"description":"FortiNDR versions 7.1.x \u00e0 7.2.x ant\u00e9rieures \u00e0 7.2.5","product":{"name":"FortiNDR","vendor":{"name":"Fortinet","scada":false}}},{"description":"FortiNDR versions 7.6.x ant\u00e9rieures \u00e0 7.6.1","product":{"name":"FortiNDR","vendor":{"name":"Fortinet","scada":false}}},{"description":"FortiMail versions 7.6.x ant\u00e9rieures \u00e0 7.6.3","product":{"name":"FortiMail","vendor":{"name":"Fortinet","scada":false}}},{"description":"FortiRecorder versions 7.0.x ant\u00e9rieures \u00e0 7.0.6","product":{"name":"FortiRecorder","vendor":{"name":"Fortinet","scada":false}}},{"description":"FortiVoice versions 7.2.x ant\u00e9rieures \u00e0 7.2.1","product":{"name":"FortiVoice","vendor":{"name":"Fortinet","scada":false}}},{"description":"FortiRecorder versions 7.2.x ant\u00e9rieures \u00e0 7.2.4","product":{"name":"FortiRecorder","vendor":{"name":"Fortinet","scada":false}}},{"description":"FortiNDR versions ant\u00e9rieures \u00e0 7.0.7","product":{"name":"FortiNDR","vendor":{"name":"Fortinet","scada":false}}},{"description":"FortiVoice versions 7.0.x ant\u00e9rieures \u00e0 7.0.7","product":{"name":"FortiVoice","vendor":{"name":"Fortinet","scada":false}}},{"description":"FortiRecorder versions 6.4.x ant\u00e9rieures \u00e0 6.4.6","product":{"name":"FortiRecorder","vendor":{"name":"Fortinet","scada":false}}},{"description":"FortiCamera versions ant\u00e9rieures \u00e0 2.1.4","product":{"name":"FortiCamera","vendor":{"name":"Fortinet","scada":false}}},{"description":"FortiMail versions 7.2.x ant\u00e9rieures \u00e0 7.2.8","product":{"name":"FortiMail","vendor":{"name":"Fortinet","scada":false}}},{"description":"FortiVoice versions 6.4.x ant\u00e9rieures \u00e0 6.4.11","product":{"name":"FortiVoice","vendor":{"name":"Fortinet","scada":false}}},{"description":"FortiNDR versions 7.4.x ant\u00e9rieures \u00e0 7.4.8","product":{"name":"FortiNDR","vendor":{"name":"Fortinet","scada":false}}},{"description":"FortiMail versions 7.0.x ant\u00e9rieures \u00e0 7.0.9","product":{"name":"FortiMail","vendor":{"name":"Fortinet","scada":false}}}],"affected_systems_content":"","closed_at":"2025-06-24","content":"## Solutions\n\nLe CERT-FR recommande l'application des correctifs dans les plus brefs d\u00e9lais, se r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l'\u00e9diteur pour l'obtention des correctifs (cf. section Documentation).\n\n Si cela n'est pas possible, l'\u00e9diteur recommande de d\u00e9sactiver l'interface de gestion. Le CERT-FR rappelle que l'exposition d'une interface de gestion sur Internet est contraire aux bonnes pratiques.","cves":[{"name":"CVE-2025-32756","url":"https://www.cve.org/CVERecord?id=CVE-2025-32756"}],"links":[{"title":"Avis CERT-FR CERTFR-2025-AVI-0399 du 13 mai 2025","url":"https://www.cert.ssi.gouv.fr/avis/CERTFR-2025-AVI-0399/"}],"reference":"CERTFR-2025-ALE-006","revisions":[{"description":"Version initiale","revision_date":"2025-05-13T00:00:00.000000"},{"description":" Cl\u00f4ture de l'alerte. Cela ne signifie pas la fin d'une menace. Seule l'application de la mise \u00e0 jour permet de vous pr\u00e9munir contre l'exploitation de la vuln\u00e9rabilit\u00e9 correspondante.","revision_date":"2025-06-24T00:00:00.000000"}],"risks":[{"description":"Ex\u00e9cution de code arbitraire \u00e0 distance"}],"summary":"Le 13 mai 2025, Fortinet a publi\u00e9 un avis de s\u00e9curit\u00e9 concernant la vuln\u00e9rabilit\u00e9 CVE-2025-32756.  Celle-ci permet \u00e0 un attaquant non authentifi\u00e9 d'ex\u00e9cuter du code arbitraire \u00e0 distance.\n\nL'\u00e9diteur indique que cette vuln\u00e9rabilit\u00e9 est activement exploit\u00e9e. Les exploitations constat\u00e9es jusqu'ici concernent les produits FortiVoice.\n\nFortinet fournit \u00e9galement des marqueurs de compromission \u00e0 rechercher.\n","title":"Vuln\u00e9rabilit\u00e9 dans les produits Fortinet","vendor_advisories":[{"published_at":"2025-05-13","title":"Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-254","url":"https://www.fortiguard.com/psirt/FG-IR-25-254"}]}