Fortinet discloses critical bug with working exploit code
Briefly

Fortinet reported a critical vulnerability, CVE-2025-25256, in FortiSIEM that allows unauthorized command execution by unauthenticated attackers. It affects several versions of the software and has a CVSS rating of 9.8. The company advises customers to upgrade to fixed versions while suggesting limiting access to the phMonitor port as a temporary workaround. Additionally, there was a surge in brute-force attacks targeting Fortinet's SSL VPNs, correlating with trends seen before past vulnerabilities were disclosed. GreyNoise noted a recent spike in this attack traffic following the vulnerability announcement.
The OS-command-injection vulnerability, tracked as CVE-2025-25256, received a 9.8 CVSS rating and affects multiple versions of the security tool: 7.3.0 through 7.3.1, 7.2.0 through 7.2.5, 7.1.0 through 7.1.7, 7.0.0 through 7.0.3, and all releases before 6.7.9.
Customers need to upgrade to a fixed version and, as a workaround, the vendor suggests limiting access to the phMonitor port (7900).
An unauthenticated attacker can abuse this flaw by crafting a CLI request and then executing arbitrary commands on the operating system, which can allow complete system takeover.
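A triage helper for the version list above, added here as an example (not Fortinet's or The Register's code): it parses FortiSIEM version strings, checks them against the affected ranges as reported, and sorts a host inventory into "upgrade" and "not listed" buckets. The hostnames and versions in the inventory are constructed sample data.

```python
import re

# Affected ranges as reported in the advisory: (lowest, highest), inclusive.
AFFECTED_RANGES = [
    ((7, 3, 0), (7, 3, 1)),
    ((7, 2, 0), (7, 2, 5)),
    ((7, 1, 0), (7, 1, 7)),
    ((7, 0, 0), (7, 0, 3)),
]
# "before 6.7.9": anything older than this tuple is affected.
FIRST_FIXED_6X = (6, 7, 9)

# Accepts "7.2.5", "v7.2.5" or "7.2.5-build0281"; only major.minor.patch matter.
_VERSION_RE = re.compile(r"^\s*v?(\d+)\.(\d+)\.(\d+)")


def parse_version(text: str) -> tuple:
    """Turn a version string into a comparable (major, minor, patch) tuple."""
    m = _VERSION_RE.match(text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return (int(m.group(1)), int(m.group(2)), int(m.group(3)))


def is_affected(version: str) -> bool:
    """True if the version falls in a range the advisory lists as vulnerable."""
    v = parse_version(version)
    if v < FIRST_FIXED_6X:
        return True
    return any(lo <= v <= hi for lo, hi in AFFECTED_RANGES)


def triage(inventory: dict) -> dict:
    """Split a {hostname: version} inventory into upgrade / not_listed buckets.

    "not_listed" only means the version is absent from the reported ranges;
    it is not a statement that the version is fixed.
    """
    result = {"upgrade": [], "not_listed": []}
    for host, version in sorted(inventory.items()):
        result["upgrade" if is_affected(version) else "not_listed"].append(host)
    return result


# Constructed sample inventory (hostnames and versions are illustrative).
SAMPLE_INVENTORY = {
    "siem-eu-1": "7.3.1",
    "siem-eu-2": "7.3.2",
    "siem-us-1": "v7.2.5-build0281",
    "siem-lab": "6.7.8",
    "siem-old": "6.6.2",
    "siem-patched": "6.7.9",
}

if __name__ == "__main__":
    for bucket, hosts in triage(SAMPLE_INVENTORY).items():
        print(bucket, hosts)
```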
Spikes in brute-force traffic like this often precede the disclosure of new vulnerabilities affecting the same vendor, most within six weeks.
Read at The Register