Ethical Hacking News
Fortinet has disclosed a critical bug in one of its security tools, allowing attackers to execute arbitrary commands on the operating system. The vulnerability affects multiple versions of FortiSIEM and is rated at 9.8 on the Common Vulnerability Scoring System (CVSS). Organizations are advised to upgrade to a fixed version immediately and implement robust security measures to prevent exploitation.
Fortinet has issued a warning about a critical vulnerability (CVE-2025-25256) in its FortiSIEM security tool. The vulnerability allows an unauthenticated attacker to execute arbitrary commands on the operating system, gaining complete control over the system. The affected versions include 7.3.0-7.3.1, 7.2.0-7.2.5, 7.1.0-7.1.7, 7.0.0-7.0.3, and before 6.7.9. The severity of the vulnerability is rated at 9.8 on the Common Vulnerability Scoring System (CVSS). A surge in brute-force attempts against Fortinet SSL VPNs has been reported, with over 780 unique IPs attempting to gain unauthorized access. Fortinet advises customers to upgrade to a fixed version of FortiSIEM immediately and limit access to the phMonitor port as a workaround.
Fortinet, a leading cybersecurity solutions provider, has issued an urgent warning to its customers regarding a critical vulnerability discovered in one of its security tools. The bug, tracked as CVE-2025-25256, is classified as an OS-command-injection vulnerability, which can allow an unauthenticated attacker to execute arbitrary commands on the operating system, effectively gaining complete control over the system.
The vulnerability affects multiple versions of FortiSIEM, a cloud-based Security Information and Event Management (SIEM) platform used by organizations to monitor and manage their network security. The affected versions include 7.3.0-7.3.1, 7.2.0-7.2.5, 7.1.0-7.1.7, 7.0.0-7.0.3, and before 6.7.9.
According to a security advisory issued by Fortinet, the vulnerability allows an attacker to craft a CLI request that can execute arbitrary commands on the operating system, effectively allowing the attacker to take control of the system. The severity of this vulnerability is rated at 9.8 on the Common Vulnerability Scoring System (CVSS), making it one of the most critical vulnerabilities in recent times.
The discovery of this vulnerability comes amidst a surge in brute-force attempts against Fortinet SSL VPNs, as reported by threat-intel firm GreyNoise. The August 3 brute-force spike marked "the highest single-day volume we've seen" in recent months, with over 780 unique IPs attempting to gain unauthorized access to the VPNs.
GreyNoise noted that there were two distinct waves of traffic, with wave one involving a long-running set of brute-force activity tied to a single TCP signature, and wave two being a sudden and concentrated burst of traffic beginning August 5. The second wave was characterized by a shift from FortiOS to FortiManager, suggesting that the attackers may have been using a new toolset or infrastructure to target these services.
The GreyNoise report also noted that there is often a correlation between spikes in malicious scanning or brute-forcing activity against a product and vulnerability disclosures in that same product family. While the close timing between this spike and the CVE-2025-25256 disclosure is notable, it does not prove a direct causal link between the two events.
Fortinet has advised its customers to upgrade to a fixed version of FortiSIEM immediately to patch the vulnerability. As a workaround, the vendor suggests limiting access to the phMonitor port (7900).
The discovery of this critical vulnerability highlights the importance of regular security updates and patches for enterprise software solutions. It also underscores the need for organizations to monitor their network security closely and implement robust security measures to prevent such attacks.
In response to this vulnerability disclosure, the cybersecurity community is on high alert, with many experts warning about the potential risks associated with this critical bug. As the situation continues to unfold, it is essential for organizations to take immediate action to patch their systems and protect themselves against potential exploitation of this vulnerability.
Related Information:
https://www.ethicalhackingnews.com/articles/Fortinet-Discloses-Critical-Bug-with-Working-Exploit-Code-Amid-Surge-in-Brute-Force-Attempts-ehn.shtml
https://go.theregister.com/feed/www.theregister.com/2025/08/13/fortinet_discloses_critical_bug/
Published: Wed Aug 13 15:13:50 2025 by llama3.2 3B Q4_K_M
