Fortinet FortiSIEM patch release for CVE-2025-25256
Security Patch Release
Summary
Hide ▲
Show ▼
Fortinet released fixed FortiSIEM versions for CVE-2025-25256, a critical unauthenticated RCE flaw that can let remote attackers run arbitrary code on affected systems. The company told organizations to update or migrate to the fixed builds and to restrict phMonitor port 7900 as a workaround. The release is urgent because exploit code was already observed in the wild, increasing the chance of near-term abuse.
Related Happenings
Fortinet CVE-2025-59718 mitigation guidance
Advisory/Mitigation
First: 23.01.2026 12:39
Last: 23.01.2026 12:39
Sources 1
About this happening:
**Fortinet** told customers to immediately harden **FortiCloud SSO** exposure for **CVE-2025-59718**, because attackers are still abusing the flaw against **fully patched firewall...
Fortinet CVE-2025-59718 mitigation guidance
Advisory/MitigationAbout this happening: **Fortinet** told customers to immediately harden **FortiCloud SSO** exposure for **CVE-2025-59718**, because attackers are still abusing the flaw against **fully patched firewall...
FortiGate firewalls CVE-2020-12812 active exploitation wave
Exploitation Wave
First: 29.12.2025 13:16
Last: 29.12.2025 13:16
Sources 1
About this happening:
**FortiGate firewalls** with **LDAP-enabled** authentication paths are facing an **active exploitation wave** tied to **CVE-2020-12812**, a **2FA-bypass** flaw in **FortiOS**. Att...
FortiGate firewalls CVE-2020-12812 active exploitation wave
Exploitation WaveAbout this happening: **FortiGate firewalls** with **LDAP-enabled** authentication paths are facing an **active exploitation wave** tied to **CVE-2020-12812**, a **2FA-bypass** flaw in **FortiOS**. Att...
FortiOS/FortiWeb/FortiProxy/FortiSwitchManager FortiCloud SSO auth bypass patch release (CVE-2025-59718, CVE-2025-59719)
Security Patch Release
First: 09.12.2025 20:36
Last: 09.12.2025 20:36
Sources 1
About this happening:
**Fortinet** patched **FortiOS, FortiWeb, FortiProxy, and FortiSwitchManager** on **December 9** for **CVE-2025-59718** and **CVE-2025-59719**, critical flaws that can bypass **Fo...
FortiOS/FortiWeb/FortiProxy/FortiSwitchManager FortiCloud SSO auth bypass patch release (CVE-2025-59718, CVE-2025-59719)
Security Patch ReleaseAbout this happening: **Fortinet** patched **FortiOS, FortiWeb, FortiProxy, and FortiSwitchManager** on **December 9** for **CVE-2025-59718** and **CVE-2025-59719**, critical flaws that can bypass **Fo...
Latest development: 19.12.2025 17:00
Attackers are actively exploiting CVE-2025-59718 and CVE-2025-59719 against Fortinet devices with FortiCloud SSO enabled, using maliciously crafted SAML messages to gain admin-level access to the web management interface and download system configuration files. Shadowserver counted more than 25,000 exposed Fortinet IPs with FortiCloud SSO fingerprints, and CISA added the flaw to its catalog of actively exploited vulnerabilities with a December 23 patch deadline for U.S. government agencies.
Fortinet FortiWeb CVE-2025-64446 patch release
Security Patch Release
First: 19.11.2025 15:44
Last: 19.11.2025 15:44
Sources 1
About this happening:
Fortinet's **late-October** fix for **FortiWeb CVE-2025-64446** matters because the flaw was already used in **zero-day attacks** and later landed in CISA's actively exploited cat...
Fortinet FortiWeb CVE-2025-64446 patch release
Security Patch ReleaseAbout this happening: Fortinet's **late-October** fix for **FortiWeb CVE-2025-64446** matters because the flaw was already used in **zero-day attacks** and later landed in CISA's actively exploited cat...
FortiWeb CVE-2025-58034 mitigation advisory
Advisory/Mitigation
First: 19.11.2025 06:20
Last: 19.11.2025 06:20
Sources 1
About this happening:
**FortiWeb** operators were told to **upgrade affected releases** after **Fortinet** tied the advisory to **CVE-2025-58034** and said the flaw had been **exploited in the wild**....
FortiWeb CVE-2025-58034 mitigation advisory
Advisory/MitigationAbout this happening: **FortiWeb** operators were told to **upgrade affected releases** after **Fortinet** tied the advisory to **CVE-2025-58034** and said the flaw had been **exploited in the wild**....
Timeline
-
14.08.2025 00:15 1 articles · 9mo ago
Fortinet releases fixed FortiSIEM versions for CVE-2025-25256
Mitigation Patch UpdateFortinet disclosed CVE-2025-25256 in FortiSIEM, a critical unauthenticated OS command injection flaw that can let a remote attacker run arbitrary code through specially crafted CLI requests. The company released updated versions for FortiSIEM 5.4 through 7.3.1, advised organizations to update or migrate to the fixed builds, and recommended limiting access to phMonitor port 7900 as a workaround. Fortinet also warned that practical exploit code was found in the wild and that exploitation does not produce distinctive indicators of compromise.
Show sources
- Fortinet Products Are in the Crosshairs Again — www.darkreading.com — 14.08.2025 00:15