“The phMonitor service marshals incoming requests to their appropriate function handlers based on the type of command sent in the API request,” they said. “Each command handler is mapped to an integer, which is passed in the command message. Security issue #1 is that all of these handlers are exposed and accessible for any remote user to invoke without any authentication.”
Prior to the CVE-2025-64155 disclosure, Fortinet had already patched a related critical command injection flaw in FortiSIEM, tracked as CVE-2025-25256, earlier in August 2025. That vulnerability also stemmed from improper handling of OS command input and was serious enough that Fortinet acknowledged working exploit code in the wild, prompting fixes in several supported FortiSIEM releases.
Exploit code changes the risk equation
While Fortinet has released patches and mitigation guidance, Tenable’s analysis highlights the likelihood of real-world attacks now that working exploit code is public.
“The recent disclosure of CVE-2025-64155 alongside public exploit code is a worrisome start to 2026,” said Scott Caveza, senior staff research engineer at Tenable. “Although no known exploitation has been reported, Fortinet vulnerabilities remain a top prize for attackers, including nation-state groups.”