Fortinet has issued an urgent alert about a critical OS command injection vulnerability (CVE-2025-25256) in FortiSIEM, which is actively exploited in the wild. Users are advised to apply patches immediately or restrict access to the vulnerable port to avoid remote code execution risks. #Fortinet #FortiSIEM #CVE-2025-25256
Keypoints
- Fortinetβs FortiSIEM platform is vulnerable to a critical command injection flaw.
- The vulnerability affects multiple versions from 6.1 to 7.3.1, excluding 7.4.
- Active exploits and circulating attack code make immediate patching essential.
- Attackers are conducting large-scale brute-force attacks on Fortinet SSL VPNs and shifting focus to FortiManager devices.
- Restricting access to the phMonitor port (TCP 7900) can provide a temporary mitigation measure.
Read More: https://thecyberexpress.com/fortisiem-bug-exploited-cve-2025-25256/