Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name | Notes
---|---|---|---|---|---
CVE-2025-32756 | Fortinet Multiple Products Stack-Based Buffer Overflow Vulnerability | exploitation_technique | T1133 | External Remote Services | Comments: Attackers use a Python script (publicly available or custom) to send a malformed POST request that triggers a buffer overflow. From there, they execute remote code and malicious payloads (i.e., malware), harvest credentials, move laterally over the network, erase logs to avoid detection, and exfiltrate data over C2.
CVE-2025-32756 | Fortinet Multiple Products Stack-Based Buffer Overflow Vulnerability | primary_impact | T1059 | Command and Scripting Interpreter | Comments: Attackers use a Python script (publicly available or custom) to send a malformed POST request that triggers a buffer overflow. From there, they execute remote code and malicious payloads (i.e., malware), harvest credentials, move laterally over the network, erase logs to avoid detection, and exfiltrate data over C2.
CVE-2025-32756 | Fortinet Multiple Products Stack-Based Buffer Overflow Vulnerability | secondary_impact | T1608.001 | Upload Malware | Comments: Attackers use a Python script (publicly available or custom) to send a malformed POST request that triggers a buffer overflow. From there, they execute remote code and malicious payloads (i.e., malware), harvest credentials, move laterally over the network, erase logs to avoid detection, and exfiltrate data over C2.
CVE-2025-32756 | Fortinet Multiple Products Stack-Based Buffer Overflow Vulnerability | secondary_impact | T1003 | OS Credential Dumping | Comments: Attackers use a Python script (publicly available or custom) to send a malformed POST request that triggers a buffer overflow. From there, they execute remote code and malicious payloads (i.e., malware), harvest credentials, move laterally over the network by scanning for other devices, erase logs to avoid detection, and exfiltrate data over C2.
CVE-2025-32756 | Fortinet Multiple Products Stack-Based Buffer Overflow Vulnerability | secondary_impact | T1046 | Network Service Discovery | Comments: Attackers use a Python script (publicly available or custom) to send a malformed POST request that triggers a buffer overflow. From there, they execute remote code and malicious payloads (i.e., malware), harvest credentials, move laterally over the network by scanning for other devices, erase logs to avoid detection, and exfiltrate data over C2.
CVE-2025-32756 | Fortinet Multiple Products Stack-Based Buffer Overflow Vulnerability | secondary_impact | T1070.004 | File Deletion | Comments: Attackers use a Python script (publicly available or custom) to send a malformed POST request that triggers a buffer overflow. From there, they execute remote code and malicious payloads (i.e., malware), harvest credentials, move laterally over the network by scanning for other devices, erase logs to avoid detection, and exfiltrate data over C2.
CVE-2025-32756 | Fortinet Multiple Products Stack-Based Buffer Overflow Vulnerability | secondary_impact | T1041 | Exfiltration Over C2 Channel | Comments: Attackers use a Python script (publicly available or custom) to send a malformed POST request that triggers a buffer overflow. From there, they execute remote code and malicious payloads (i.e., malware), harvest credentials, move laterally over the network by scanning for other devices, erase logs to avoid detection, and exfiltrate data over C2.