Fortinet Issues Warning for Critical Vulnerability in FortiSIEM

294/68 Friday, August 15, 2025

Fortinet has issued a warning about a critical vulnerability, CVE-2025-25256, which has a CVSS severity score of 9.8. The vulnerability is under active exploitation against FortiSIEM systems. It is an OS command injection vulnerability that allows unauthenticated attackers to execute arbitrary commands via specially crafted CLI requests.

Fortinet noted that there are no clear Indicators of Compromise (IoCs) for this vulnerability, making detection difficult. Moreover, publicly available exploit code has already been observed, further emphasizing the urgency for users to immediately apply the available patches.

Affected FortiSIEM Versions:

  • FortiSIEM 6.1, 6.2, 6.3, 6.4, 6.5, 6.6 (Update to the latest patched version)
  • FortiSIEM 6.7.0 – 6.7.9 (Update to 6.7.10 or later)
  • FortiSIEM 7.0.0 – 7.0.3 (Update to 7.0.4 or later)
  • FortiSIEM 7.1.0 – 7.1.7 (Update to 7.1.8 or later)
  • FortiSIEM 7.2.0 – 7.2.5 (Update to 7.2.6 or later)
  • FortiSIEM 7.3.0 – 7.3.1 (Update to 7.3.2 or later)
  • FortiSIEM 7.4 is not affected

In addition to patching, Fortinet also recommends a workaround: restricting access to the phMonitor port (7900) to mitigate the risk of exploitation.
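
The version ranges and the port 7900 workaround above can be turned into an inventory check. The following is an added example, not code from Fortinet or the source article; the hostnames and inventory are constructed, and the `classify` and `triage` names are hypothetical. Branches the list does not mention are reported as unknown rather than assumed safe.

```python
import re

# Fixed patch level per branch, from the affected-versions list above.
FIXED_PATCH = {(6, 7): 10, (7, 0): 4, (7, 1): 8, (7, 2): 6, (7, 3): 2}
# Branches listed as affected with no in-branch fix version named on the page.
UPGRADE_ONLY = {(6, n) for n in range(1, 7)}
NOT_AFFECTED = {(7, 4)}
VERSION_RE = re.compile(r"\s*v?(\d+)\.(\d+)(?:\.(\d+))?(?:[.\-\s].*)?")

# Constructed sample inventory; hostnames are hypothetical.
SAMPLE_INVENTORY = {
    "siem-super-01": "7.1.7",
    "siem-worker-02": "6.7.10",
    "siem-collector-03": "6.4.2",
    "siem-lab-04": "7.4.0",
    "siem-old-05": "5.3.1",
}

def classify(version):
    """Return (status, action) for one FortiSIEM version string."""
    m = VERSION_RE.fullmatch(version)
    if not m:
        return ("unknown", "unparseable version string")
    major, minor = int(m.group(1)), int(m.group(2))
    branch = (major, minor)
    if branch in NOT_AFFECTED:
        return ("not_affected", "none")
    if branch in UPGRADE_ONLY:
        return ("affected", "update to the latest patched version")
    if branch not in FIXED_PATCH:
        # Not listed in the advisory: report it, do not assume it is safe.
        return ("unknown", "branch not covered by the advisory")
    fixed = FIXED_PATCH[branch]
    if m.group(3) is not None and int(m.group(3)) >= fixed:
        return ("fixed", "none")
    # A missing patch level cannot be proven fixed, so it counts as affected.
    return ("affected", f"update to {major}.{minor}.{fixed} or later")

def triage(inventory):
    """Return per-host results and the sorted hosts that still need attention."""
    results = {host: classify(ver) for host, ver in inventory.items()}
    # Pending hosts: patch them and keep phMonitor port 7900 restricted meanwhile.
    pending = sorted(h for h, (s, _) in results.items()
                     if s not in ("fixed", "not_affected"))
    return results, pending

if __name__ == "__main__":
    results, pending = triage(SAMPLE_INVENTORY)
    for host in pending:
        print(host, SAMPLE_INVENTORY[host], *results[host])
```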

Source: https://securityaffairs.com/181104/hacking/critical-fortisiem-flaw-under-active-exploitation-fortinet-warns.html