A critical vulnerability (CVE-2025-64155) in Fortinet FortiSIEM is currently being exploited by attackers using publicly available proof-of-concept code. The flaw allows unauthenticated remote code execution and privilege escalation, prompting urgent security updates and mitigations. #Fortinet #FortiSIEM #CVE-2025-64155
Keypoints
- The vulnerability affects multiple versions of FortiSIEM, from 6.7 to 7.5.
- It exploits an OS command injection flaw in the phMonitor service for remote code execution.
- Threat actors are actively exploiting this flaw in the wild, according to threat intelligence reports.
- Fortinet recommends upgrading to patched versions or applying temporary access restrictions.
- Indicators of compromise include malicious payload URLs in system logs, aiding detection efforts.