Overview

• Fortinet published an advisory on August 13 confirming practical exploit code for CVE-2025-25256 and released patched FortiSIEM versions.
• The OS command injection flaw impacts FortiSIEM releases from 6.1 through 7.3.1, while FortiSIEM 7.4 is unaffected.
• Unauthenticated attackers can execute arbitrary commands by sending specially crafted CLI requests to the phMonitor service.
• With a CVSS score of 9.8, the vulnerability’s high severity and sparse IoCs complicate intrusion detection and attribution.
• Organizations are urged to upgrade to the specified fixed releases or to restrict TCP port 7900 access to trusted internal hosts if patching is delayed.