Particle.news
Download on the App Store
6 ARTICLES
·
last wk.

Fortinet Issues FortiSIEM Patches After Discovery of Stealthy Exploit Code

The vendor urges customers to upgrade or restrict phMonitor access to curb attacks that can execute OS commands without leaving clear indicators of compromise

Fortinet
Image
Image

Overview

  • The flaw, tracked as CVE-2025-25256, carries a 9.8 CVSS rating and allows unauthenticated attackers to inject OS commands via crafted CLI requests.
  • Practical exploit code for the vulnerability has been found in the wild and does not appear to produce distinctive indicators of compromise, making intrusions hard to detect.
  • Fortinet has released patched FortiSIEM versions—including 6.7.10 through 7.3.2 and the new 7.4 branch—and advises users on older, unsupported releases to migrate to supported versions.
  • As an interim defense, administrators are urged to restrict access to the phMonitor service on TCP port 7900 to trusted internal hosts.
  • Threat intelligence groups report continued scanning and brute-force activity targeting Fortinet edge products and warn that public exploit availability could accelerate broader attacks.