Fortinet Warns of Actively Exploited Critical Vulnerability in FortiSIEM
Cybersecurity firm Fortinet has issued a critical alert for a severe vulnerability, CVE-2025-25256, in its FortiSIEM product. The flaw, discovered by Xiaobo Chen, is actively exploited and poses a high risk with a CVSS score of 9.8.
The vulnerability, an OS command injection flaw, allows unauthenticated attackers to run arbitrary code or commands via crafted CLI requests. It affects a wide range of FortiSIEM versions, including 6.1 to 6.6, 6.7.0 to 6.7.9, 7.0.0 to 7.0.3, 7.1.0 to 7.1.7, and 7.2.0 to 7.2.5, as well as 7.3.0 to 7.3.1. FortiSIEM 7.4 is not impacted.
To mitigate the risk, Fortinet advises limiting access to the phMonitor port (7900). Despite the exploit being in the wild, clear Indicators of Compromise (IoCs) have not been identified.
Fortinet urges users to apply the recommended mitigation and monitor their systems for any suspicious activity. Further updates are expected as the investigation continues.
Read also:
- Pablo Escobar's Former Estate 'Hacienda Nápoles' to Be Transformed by Women's Organization
- Emergency services of the future revealed by Renault with the introduction of the Vision 4Rescue vehicle.
- Dortmund Customs Find Wage, Employment, and Benefit Fraud in Hotel and Gastronomy Sector
- SonicWall executive Michael Crean discusses the current state of managed security
