@beyondmachines1@infosec.exchange
Critical remote code execution flaw in FortiSIEM actively exploited
Fortinet FortiSIEM platforms are under active attack through a critical OS command injection vulnerability (CVE-2025-25256, CVSS 9.8) that allows unauthenticated attackers to execute arbitrary commands, with working exploit code already being used against real-world targets. The flaw affects all FortiSIEM versions from 5.4 through 7.3.1 and is difficult to detect, so it requires immediate patching or, as a temporary workaround, restricting access to port 7900.
If you have FortiSIEM, block external access to port 7900 until you can update, then plan a quick patch. Attackers are already exploiting this flaw to take complete control without any login credentials.
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/critical-remote-code-execution-flaw-in-fortisiem-actively-exploited-g-v-z-8-7/gD2P6Ple2L