CVE-2025-25256

Name of the Vulnerable Software and Affected Versions Fortinet FortiSIEM versions 5.4.0 through 7.3.1 Fortinet FortiSIEM versions 6.1 through 7.3.1 Fortinet FortiSIEM versions 6.7 through 7.5 Fortinet FortiSIEM versions 7.0.0 through 7.0.3 Fortinet FortiSIEM versions 7.1.0 through 7.1.7 Fortinet FortiSIEM versions 7.2.0 through 7.2.5

Description Fortinet FortiSIEM is affected by an improper neutralization of special elements used in an OS command, also known as OS Command Injection (CWE-78). This allows an unauthenticated attacker to execute arbitrary code or commands via crafted CLI requests. Active exploitation of this issue has been confirmed, and exploit code is publicly available. The vulnerability impacts the phMonitor port (TCP/7900). There have been reports of brute-force attacks targeting Fortinet products preceding exploitation of this flaw.

Recommendations Fortinet FortiSIEM versions 5.4.0 through 7.3.1: Upgrade to version 7.3.2 or later. Fortinet FortiSIEM versions 6.1 through 6.7.9: Upgrade to version 6.7.10 or later. Fortinet FortiSIEM versions 7.0.0 through 7.0.3: Upgrade to version 7.0.4 or later. Fortinet FortiSIEM versions 7.1.0 through 7.1.7: Upgrade to version 7.1.8 or later. Fortinet FortiSIEM versions 7.2.0 through 7.2.5: Upgrade to version 7.2.6 or later. As a temporary workaround, restrict access to the phMonitor port (TCP/7900).