Ethical Hacking News

Fortinet Addresses Two Critical Vulnerabilities in FortiFone and FortiSIEM


Fortinet has addressed two critical flaws in its FortiFone and FortiSIEM products, including a vulnerability that could allow attackers to execute unauthorized code without authentication. The company released patches for affected versions and provided recommendations for mitigating the impact of the vulnerabilities.

  • Fortinet has addressed two critical vulnerabilities in its FortiFone and FortiSIEM products that can be exploited without authentication.
  • An improper neutralization of special elements used in an OS command could lead to OS Command Injection (CVE-2025-64155, CVSS score of 9.4).
  • The first vulnerability affects multiple FortiSIEM release branches.
  • Fortinet has released patches for both vulnerabilities and taken steps to address the issues.
  • One of the flaws may not be actively exploited in attacks in the wild, highlighting the importance of ongoing security updates and vigilance.



Fortinet has recently announced the discovery of two critical vulnerabilities in its FortiFone and FortiSIEM products, which could potentially be exploited by attackers without authentication. The first vulnerability, tracked as CVE-2025-64155 (CVSS score of 9.4), is an improper neutralization of special elements used in an OS command that could lead to OS Command Injection.

This vulnerability affects multiple FortiSIEM release branches. According to Fortinet, the following versions are affected:

- FortiSIEM Cloud: Not affected
- FortiSIEM 7.5: Not affected
- FortiSIEM 7.4: 7.4.0 - Upgrade to 7.4.1 or above
- FortiSIEM 7.3: 7.3.0 through 7.3.4 - Upgrade to 7.3.5 or above
- FortiSIEM 7.2: 7.2.0 through 7.2.6 - Upgrade to 7.2.7 or above
- FortiSIEM 7.1: 7.1.0 through 7.1.8 - Upgrade to 7.1.9 or above
- FortiSIEM 7.0: 7.0.0 through 7.0.4 - Migrate to a fixed release
- FortiSIEM 6.7: 6.7.0 through 6.7.10 - Migrate to a fixed release

Researcher Zach Hanley (@hacks_zach) of Horizon3.ai reported the vulnerability, noting that it only impacts the Super and Worker nodes in the system, with no effect on Collector nodes. As a workaround, Fortinet recommends limiting access to the phMonitor port (7900).
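As an added example (not code from the article, Fortinet or Horizon3.ai), the following Python helper turns the version table and the node-role note above into an inventory check: given an installed FortiSIEM version and the node's role, it reports whether the node is in an affected range for CVE-2025-64155 and which action the table prescribes. The function names (`parse_version`, `assess_node`) and the `INVENTORY` sample are this example's own; the affected ranges are transcribed from the table.

```python
"""Classify FortiSIEM nodes against the CVE-2025-64155 version table.

Example code; the branch table below is transcribed from the advisory
summary in the article, and the helper names are this example's own.
"""
from typing import NamedTuple, Optional, Tuple

Version = Tuple[int, int, int]


class Branch(NamedTuple):
    major_minor: Tuple[int, int]
    first_affected: Optional[Version]   # None means the whole branch is unaffected
    last_affected: Optional[Version]
    action: str


# One entry per release branch listed in the advisory table.
ADVISORY = [
    Branch((7, 5), None, None, "Not affected"),
    Branch((7, 4), (7, 4, 0), (7, 4, 0), "Upgrade to 7.4.1 or above"),
    Branch((7, 3), (7, 3, 0), (7, 3, 4), "Upgrade to 7.3.5 or above"),
    Branch((7, 2), (7, 2, 0), (7, 2, 6), "Upgrade to 7.2.7 or above"),
    Branch((7, 1), (7, 1, 0), (7, 1, 8), "Upgrade to 7.1.9 or above"),
    Branch((7, 0), (7, 0, 0), (7, 0, 4), "Migrate to a fixed release"),
    Branch((6, 7), (6, 7, 0), (6, 7, 10), "Migrate to a fixed release"),
]

# Roles the advisory says are impacted; Collector nodes are explicitly excluded.
IMPACTED_ROLES = {"super", "worker"}


def parse_version(text: str) -> Version:
    """Parse 'major.minor.patch' into a comparable tuple; reject anything else."""
    parts = text.strip().split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unexpected FortiSIEM version string: {text!r}")
    major, minor, patch = (int(p) for p in parts)
    return (major, minor, patch)


def assess_node(version_text: str, role: str = "super") -> Tuple[str, str]:
    """Return (status, action) for one node.

    status is one of 'affected', 'not affected' or 'unknown'.
    Numeric tuple comparison handles multi-digit patch levels (6.7.10 > 6.7.9)
    correctly, which a plain string comparison would get wrong.
    """
    if role.lower() not in IMPACTED_ROLES:
        return ("not affected", "Collector nodes are not impacted by this flaw")

    version = parse_version(version_text)
    for branch in ADVISORY:
        if version[:2] != branch.major_minor:
            continue
        if branch.first_affected is None:
            return ("not affected", branch.action)
        if branch.first_affected <= version <= branch.last_affected:
            return ("affected", branch.action)
        return ("not affected", "Already at or above the fixed release for this branch")
    return ("unknown", "Branch not listed in the advisory; consult Fortinet PSIRT")


# Constructed sample inventory (hostname, version, role); not real hosts.
INVENTORY = [
    ("siem-super-01", "7.3.4", "super"),
    ("siem-worker-01", "7.3.5", "worker"),
    ("siem-collector-01", "6.7.10", "collector"),
    ("siem-super-02", "7.5.1", "super"),
]


def summarize(inventory=INVENTORY):
    """Return [(host, status, action)] for every node; used by the usage run below."""
    return [(host, *assess_node(ver, role)) for host, ver, role in inventory]


if __name__ == "__main__":
    for host, status, action in summarize():
        print(f"{host:20} {status:13} {action}")
```

Patch levels are compared as integer tuples rather than strings, so 6.7.10 correctly sorts above 6.7.9; an unrecognised branch is reported as unknown rather than silently treated as safe.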

The second critical flaw, tracked as CVE-2025-47855 (CVSS score of 9.3), addresses an exposure of sensitive information to an unauthorized actor issue in FortiFone Web Portal pages.

An unauthenticated attacker could trigger this vulnerability by sending crafted HTTP or HTTPS requests, allowing them to obtain the device configuration.

Fortinet released patches for these vulnerabilities and has taken steps to address the issues.

However, it is unclear whether one of the flaws addressed by Fortinet is actively exploited in attacks in the wild.

The recent announcements highlight the importance of ongoing security updates and vigilance from organizations using these products.

It also serves as a reminder that even major software companies like Fortinet can have vulnerabilities that are not immediately apparent.

Fortunately, Fortinet has acted swiftly to address these issues, providing patches for affected versions and recommendations for mitigating the impact of the vulnerabilities.

Overall, this incident underscores the need for regular security updates and vigilant monitoring of potential vulnerabilities in critical systems.

Related Information:
  • https://www.ethicalhackingnews.com/articles/Fortinet-Addresses-Two-Critical-Vulnerabilities-in-FortiFone-and-FortiSIEM-ehn.shtml
  • https://securityaffairs.com/186902/uncategorized/fortinet-fixed-two-critical-flaws-in-fortifone-and-fortisiem.html
  • https://nvd.nist.gov/vuln/detail/CVE-2025-64155
  • https://www.cvedetails.com/cve/CVE-2025-64155/
  • https://nvd.nist.gov/vuln/detail/CVE-2025-47855
  • https://www.cvedetails.com/cve/CVE-2025-47855/

Published: Wed Jan 14 10:09:40 2026 by llama3.2 3B Q4_K_M
© Ethical Hacking News. All rights reserved.