
FortiSIEM phMonitor port 7900 restriction advisory

Advisory/Mitigation
H score 48
1 unique sources, 1 articles

Summary


Fortinet issued mitigation guidance for FortiSIEM after disclosing CVE-2025-25256, a critical command-injection flaw with in-the-wild exploit code. The company told customers to limit access to phMonitor port 7900 while they move affected systems to fixed releases. The advisory matters because an unauthenticated attacker could use the flaw to run unauthorized code or commands on exposed systems.

Related Happenings

Fortinet CVE-2025-59718 mitigation guidance

Advisory/Mitigation
First: 23.01.2026 12:39 Last: 23.01.2026 12:39 Sources 1

About this happening: **Fortinet** told customers to immediately harden **FortiCloud SSO** exposure for **CVE-2025-59718**, because attackers are still abusing the flaw against **fully patched firewall...

FortiGate SSL VPN active 2FA bypass (CVE-2020-12812)

Vulnerability
First: 02.01.2026 18:01 Last: 02.01.2026 18:01 Sources 1

About this happening: **Fortinet** says **CVE-2020-12812** is still being **actively exploited**, leaving **over 10,000 Fortinet firewalls** exposed to a **2FA bypass** risk. The weakness affects **For...

FortiGate firewalls CVE-2020-12812 active exploitation wave

Exploitation Wave
First: 29.12.2025 13:16 Last: 29.12.2025 13:16 Sources 1

About this happening: **FortiGate firewalls** with **LDAP-enabled** authentication paths are facing an **active exploitation wave** tied to **CVE-2020-12812**, a **2FA-bypass** flaw in **FortiOS**. Att...

FortiOS SSL VPN CVE-2020-12812 mitigation advisory

Advisory/Mitigation
First: 25.12.2025 10:22 Last: 25.12.2025 10:22 Sources 1

About this happening: Fortinet issued a **December 24, 2025** mitigation advisory for **CVE-2020-12812**, warning that certain **FortiOS SSL VPN** configurations can let **admin or VPN users** authenti...

Fortinet security patch release for CVE-2025-59718

Security Patch Release
First: 10.12.2025 06:50 Last: 10.12.2025 06:50 Sources 1

About this happening: **Fortinet**, **Ivanti**, and **SAP** released **December** security updates for **critical vulnerabilities** that could enable **authentication bypass** or **code execution** acr...

Timeline

  1. 18.08.2025 03:00 1 articles · 9mo ago

    watchTowr Labs explains the phMonitor command-injection path

    Technical Analysis Update

    watchTowr Labs described phMonitor as a C++ binary that monitors FortiSIEM processes over port 7900 using a custom RPC protocol wrapped in TLS. It said the flaw resides in phMonitorProcess::handleStorageArchiveRequest, where inadequate input sanitization and addParaSafe's weak quote escaping can let an attacker send a crafted XML payload to run arbitrary shell commands on the underlying operating system.

  2. 13.08.2025 14:37 1 articles · 9mo ago

    Fortinet discloses CVE-2025-25256 and advises restricting phMonitor

    Initial Disclosure

    Fortinet warned that CVE-2025-25256 is a critical FortiSIEM OS command injection flaw with CVSS 9.8 and said practical exploit code was found in the wild. It listed FortiSIEM 6.1-6.6, 6.7.0 through 6.7.9, 7.0.0 through 7.0.3, 7.1.0 through 7.1.7, 7.2.0 through 7.2.5, and 7.3.0 through 7.3.1 as impacted, and noted that FortiSIEM 7.4 is not affected. It advised organizations to limit access to phMonitor port 7900 while moving systems to fixed releases.
