Week 33 – Patch your FortiSIEM today!

11 Aug – 17 Aug 2025

A critical OS command injection flaw (CVE-2025-25256) has been identified in Fortinet’s FortiSIEM platform, and it is our CVE of the Week. The flaw has a CVSS base score of 9.8, just short of a full 10.

The vulnerability allows remote, unauthenticated attackers to execute arbitrary code through specially crafted CLI commands — posing an immediate threat to security operations infrastructure.

Fortinet confirms that practical exploit code exists in the wild, making urgent action imperative.

Affected Versions – Every major FortiSIEM branch up to a fixed release is impacted:

Branch > Affected versions > Action
5.4 to 6.6 > All versions > Migrate to supported release
6.7.x > 6.7.0 – 6.7.9 > Upgrade to 6.7.10+
7.0.x > 7.0.0 – 7.0.3 > Upgrade to 7.0.4+
7.1.x > 7.1.0 – 7.1.7 > Upgrade to 7.1.8+
7.2.x > 7.2.0 – 7.2.5 > Upgrade to 7.2.6+
7.3.x > 7.3.0 – 7.3.1 > Upgrade to 7.3.2+
7.4 > Not affected > —

Equipment running on unsupported branches (5.4–6.6) must be migrated to a newer, supported version.

Mitigations & Recommendations:

  • Upgrade immediately to the latest fixed FortiSIEM version appropriate for your branch.
  • As a temporary workaround, restrict access to the phMonitor port (TCP 7900), which is the likely attack vector.
  • Monitor Fortinet advisories and security bulletins for further updates or detection guidance.
  • Note: Exploit activity may leave no distinctive IoCs, making detection challenging.
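To turn the version table and the TCP 7900 workaround above into a quick inventory triage, here is an added example (not Fortinet's or this post's own tooling). The host names, addresses and the function names `triage`, `phmonitor_reachable` and `report` are assumptions made for illustration; the version boundaries are the ones listed in this post.

```python
import socket

# First fixed patch level per branch, copied from the table in this post.
FIXED = {(6, 7): 10, (7, 0): 4, (7, 1): 8, (7, 2): 6, (7, 3): 2}

def triage(version):
    """Map a FortiSIEM version string such as '7.1.5' to (status, action)."""
    try:
        major, minor, *rest = (int(p) for p in version.strip().split("."))
    except (ValueError, AttributeError):
        return ("unknown", "Unparseable version; check manually")
    # A missing patch level is treated as .0 so the result errs towards "affected".
    patch = rest[0] if rest else 0
    branch = (major, minor)
    if (5, 4) <= branch <= (6, 6):
        return ("affected", "Migrate to supported release")
    if branch in FIXED:
        if patch < FIXED[branch]:
            return ("affected", f"Upgrade to {major}.{minor}.{FIXED[branch]}+")
        return ("fixed", "At or above the fixed release")
    if branch == (7, 4):
        return ("not_affected", "No action needed")
    return ("not_listed", "Branch not in the table; consult the advisory")

def phmonitor_reachable(host, port=7900, timeout=2.0):
    """True if TCP 7900 accepts a connection from where this script runs."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

# Constructed inventory: hypothetical names, RFC 5737 documentation addresses.
INVENTORY = [
    ("siem-supervisor", "192.0.2.10", "7.1.5"),
    ("siem-worker-1", "192.0.2.11", "6.7.10"),
    ("siem-legacy", "192.0.2.12", "6.4.2"),
]

def report(inventory, check_port=False):
    """Return one (name, version, status, action, port_7900_open) row per host."""
    return [(name, ver, *triage(ver), phmonitor_reachable(addr) if check_port else None)
            for name, addr, ver in inventory]

if __name__ == "__main__":
    for row in report(INVENTORY):
        print(row)
```

Run it with `check_port=True` from a network segment that should not reach the appliance; a `True` in the last column means the port restriction is not yet effective from that vantage point.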

Stay alert — GreyNoise observed a spike in brute-force traffic against Fortinet SSL VPNs concurrent with this CVE disclosure, hinting at heightened adversarial interest.

Exploit code is active, and remote, unauthenticated RCE is possible — this is a full-on emergency for SOCs and admins operating FortiSIEM. Prioritize patching today, escalate to emergency change control if needed, and limit attack surfaces immediately.

Stay safe, stay patched.

This week’s Patch Tuesday delivered a wave of critical security fixes from major vendors. Vulnerabilities like CVE-2025-25256 show how quickly flaws can be weaponized. If you haven’t patched yet, now is the time—apply updates immediately to close known attack paths before threat actors exploit them.

For more details, see the Fortinet advisory: https://fortiguard.fortinet.com/psirt/FG-IR-25-152


White Hat IT Security is a Europe-based Managed Security Services Provider (MSSP) and proud Microsoft Solution Partner. Its Microsoft-verified managed security solutions (MXDR) reflect their deep expertise and commitment to excellence in cybersecurity. The company was awarded the Partner of the Year Hungary Award by Microsoft in 2024.

With the largest incident response capacity in the CEE region, they’re trusted by organizations to deliver fast, effective, and proactive protection. Their portfolio includes penetration testing, vulnerability assessments, managed Cyber Threat Intelligence, as well as Governance, Risk and Compliance (GRC) consulting and specialized security training.

They are committed to supporting professional initiatives that aim to raise cybersecurity awareness and maturity—both for individuals and organizations. They regularly contribute to the community through knowledge sharing, education, and outreach, helping to build a safer digital future for all.