Aug 13, 2025Ravie LakshmananVulnerability / Community Safety
Fortinet is alerting prospects of a vital safety flaw in FortiSIEM for which it stated there exists an exploit within the wild.
The vulnerability, tracked as CVE-2025-25256, carries a CVSS rating of 9.8 out of a most of 10.0.
“An improper neutralization of particular parts utilized in an OS command (‘OS Command Injection’) vulnerability [CWE-78] in FortiSIEM could enable an unauthenticated attacker to execute unauthorized code or instructions through crafted CLI requests,” the corporate stated in a Tuesday advisory.
The next variations are impacted by the flaw –
FortiSIEM 6.1, 6.2, 6.3, 6.4, 6.5, 6.6 (Migrate to a hard and fast launch)
FortiSIEM 6.7.0 by way of 6.7.9 (Improve to six.7.10 or above)
FortiSIEM 7.0.0 by way of 7.0.3 (Improve to 7.0.4 or above)
FortiSIEM 7.1.0 by way of 7.1.7 (Improve to 7.1.8 or above)
FortiSIEM 7.2.0 by way of 7.2.5 (Improve to 7.2.6 or above)
FortiSIEM 7.3.0 by way of 7.3.1 (Improve to 7.3.2 or above)
FortiSIEM 7.4 (Not affected)
Fortinet acknowledged in its advisory {that a} “sensible exploit code for this vulnerability was discovered within the wild,” however didn’t share any further specifics in regards to the nature of the exploit and the place it was discovered. It additionally famous that the exploitation code doesn’t seem to supply distinctive indicators of compromise (IoCs).
As workarounds, the community safety firm is recommending that organizations restrict entry to the phMonitor port (7900).
The disclosure comes a day after GreyNoise warned of a “vital spike” in brute-force visitors geared toward Fortinet SSL VPN gadgets, with dozens of IP addresses from america, Canada, Russia, and the Netherlands probing gadgets situated internationally.
