A critical zero-day vulnerability (CVE-2025-32756) in multiple Fortinet products, including FortiVoice, has been actively exploited. The flaw is a stack-based buffer overflow that allows remote code execution without authentication. Attackers can gain full control of affected systems, access sensitive data, and pivot to other internal networks. The vulnerability stems from an enabled fcgi debugging option, which is not a default setting. Fortinet has released patches and recommends immediate action. Detection methods include checking for enabled fcgi debugging and monitoring specific log entries. The threat actor has been observed conducting network scans, deleting crash logs, and enabling FCGI debugging to capture credentials.