
Fortinet is warning about a remote, unauthenticated command injection flaw in FortiSIEM that has exploit code in the wild, making it important for admins to apply the latest security updates.
FortiSIEM is a central security monitoring and analytics system used for logging, network telemetry, and security incident alerting. It serves as an integral part of security operations centers, where it is an essential tool in the hands of IT ops teams and analysts.
The product is usually used by governments, large enterprises, financial institutions, healthcare providers, and managed security service providers (MSSPs).
The flaw, tracked as CVE-2025-25256 and rated critical (CVSS: 9.8), affects several FortiSIEM branches from 5.4 to 7.3.
“An improper neutralization of special elements used in an OS command (‘OS Command Injection’) vulnerability (CWE-78) in FortiSIEM can allow an unauthorized attacker to execute unauthorized code or commands through CLI requests,” Fortinet describes.
While Fortinet did not state that the flaw was exploited as a zero-day, it confirmed that functional exploit code exists for it.
“Practical exploit code for this vulnerability was found in the wild,” said the vendor.
Fortinet says exploitation of this flaw does not produce specific indicators of compromise (IOCs) that would show whether a device has been compromised.
This disclosure comes a day after GreyNoise warned of a large-scale spike in brute-force attacks targeting Fortinet SSL VPNs earlier this month, followed by a switch to FortiManager. The network threat intelligence company warned that spikes of malicious traffic often occur before the disclosure of a new vulnerability.
It is not clear whether Fortinet's disclosure of CVE-2025-25256 is related to the GreyNoise report.
Given the availability of a proof-of-concept (PoC) exploit, organizations should apply the latest security update for CVE-2025-25256 by upgrading to one of the following FortiSIEM versions as soon as possible:
- FortiSIEM 7.3.2
- FortiSIEM 7.2.6
- FortiSIEM 7.1.8
- FortiSIEM 7.0.4
- FortiSIEM 6.7.10
FortiSIEM versions 5.4 to 6.6 are also vulnerable in all versions, but they are no longer supported and will not receive a patch for the flaw. Administrators managing old FortiSIEM versions are advised to migrate to a newer, actively supported release.
Fortinet also included a workaround of limiting access to phMonitor on port 7900, which indicates that it is the entry point for malicious exploitation.
It is important to keep in mind that such workarounds only reduce exposure and buy time until systems can be upgraded. They do not correct the underlying vulnerability.
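A triage sketch for the upgrade list and the port 7900 workaround above, added here as an example and not code from Fortinet or the original article. The inventory hostnames and the version-string format are assumptions; the fixed versions and the port number come from the article.

```python
import socket

# Fixed release per branch, as listed in the article.
FIXED = {(7, 3): 2, (7, 2): 6, (7, 1): 8, (7, 0): 4, (6, 7): 10}
# Branches the article says are vulnerable but will not receive a patch.
UNPATCHED_RANGE = ((5, 4), (6, 6))


def parse_version(text):
    """Return (major, minor, patch) from strings like '7.2.5' or 'v7.2.5 build 0123'."""
    core = (text.split() or [""])[0].lstrip("vV")
    parts = core.split(".")
    if len(parts) < 2 or not all(p.isdigit() for p in parts[:3]):
        raise ValueError(f"unrecognised version: {text!r}")
    nums = [int(p) for p in parts[:3]]
    # A missing patch level is treated as 0, the conservative reading.
    return tuple(nums + [0] * (3 - len(nums)))


def triage(version):
    """Classify a FortiSIEM version against the article's fix list."""
    major, minor, patch = parse_version(version)
    branch = (major, minor)
    if branch in FIXED:
        fixed = FIXED[branch]
        # Numeric comparison, so 6.7.9 sorts below 6.7.10.
        if patch >= fixed:
            return "patched"
        return f"upgrade to {major}.{minor}.{fixed}"
    if UNPATCHED_RANGE[0] <= branch <= UNPATCHED_RANGE[1]:
        return "unsupported: migrate to a supported release"
    return "not covered by the article"


def phmonitor_reachable(host, port=7900, timeout=3.0):
    """True if TCP 7900 (phMonitor) accepts a connection from this vantage point."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


if __name__ == "__main__":
    # Constructed inventory for illustration; hostnames are hypothetical.
    for host, ver in [("siem-a", "7.3.1"), ("siem-b", "6.7.10"), ("siem-c", "6.4.2")]:
        print(host, ver, "->", triage(ver))
```

Running `phmonitor_reachable` from a network segment that should be blocked confirms whether the access restriction is actually in effect.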


