Fortinet is alerting clients of a important security flaw in FortiSIEM for which it stated there exists an exploit within the wild.
The vulnerability, tracked as CVE-2025-25256, carries a CVSS rating of 9.8 out of a most of 10.0.
“An improper neutralization of particular parts utilized in an OS command (‘OS Command Injection’) vulnerability [CWE-78] in FortiSIEM might permit an unauthenticated attacker to execute unauthorized code or instructions by way of crafted CLI requests,” the corporate stated in a Tuesday advisory.
The next variations are impacted by the flaw –
- FortiSIEM 6.1, 6.2, 6.3, 6.4, 6.5, 6.6 (Migrate to a hard and fast launch)
- FortiSIEM 6.7.0 by 6.7.9 (Improve to six.7.10 or above)
- FortiSIEM 7.0.0 by 7.0.3 (Improve to 7.0.4 or above)
- FortiSIEM 7.1.0 by 7.1.7 (Improve to 7.1.8 or above)
- FortiSIEM 7.2.0 by 7.2.5 (Improve to 7.2.6 or above)
- FortiSIEM 7.3.0 by 7.3.1 (Improve to 7.3.2 or above)
- FortiSIEM 7.4 (Not affected)
Fortinet acknowledged in its advisory {that a} “sensible exploit code for this vulnerability was discovered within the wild,” however didn’t share any extra specifics concerning the nature of the exploit and the place it was discovered. It additionally famous that the exploitation code doesn’t seem to supply distinctive indicators of compromise (IoCs).
As workarounds, the community security firm is recommending that organizations restrict entry to the phMonitor port (7900).
The disclosure comes a day after GreyNoise warned of a “vital spike” in brute-force visitors aimed toward Fortinet SSL VPN units, with dozens of IP addresses from america, Canada, Russia, and the Netherlands probing units positioned the world over.
