Find notable cyber news and cases, enriched with sources, timelines, and signals.

FortiSIEM command injection flaw (CVE-2025-25256)

Vulnerability
First reported
Last updated
Happening score
H score 44
1 unique sources, 1 articles

Summary

Hide ▲

CVE-2025-25256 in Fortinet FortiSIEM now has public exploit code and technical details, raising the risk of remote, unauthenticated code or command execution on affected systems. Fortinet says the flaw is patched in supported releases, while older 6.7.0 and 7.0 branches remain unsupported and unfixed. A temporary mitigation is to restrict access to the phMonitor service on port 7900.

Related Happenings

CISA adds CVE-2026-12569 to KEV for PTC Windchill and FlexPLM

Public Sector Action
H score46 First: 26.06.2026 15:31 Last: 26.06.2026 15:31 Sources 1

About this happening: CISA **added CVE-2026-12569** to the **KEV catalog** after finding **active exploitation** of **PTC Windchill PDMlink** and **PTC FlexPLM**, elevating the flaw to a federal remedi...

FortiBleed multi-vendor brute-force wave

Exploitation Wave
H score75 First: 23.06.2026 21:20 Last: 23.06.2026 21:20 Sources 1

About this happening: A **multi-vendor brute-force wave** tied to **FortiBleed** is hitting **Fortinet, Synology, Sophos, Citrix, RDWeb, and MS-SQL** targets, expanding the risk from one firewall-focus...

Fortinet FortiSandbox multi-CVE exploitation wave

Exploitation Wave
H score49 First: 16.06.2026 12:19 Last: 16.06.2026 12:19 Sources 1

About this happening: **Fortinet FortiSandbox** is facing an **active exploitation wave** that puts **affected deployments** at risk of **unauthenticated remote code execution** and **privilege escalat...

SolarWinds Serv-U advisory and mitigations for CVE-2026-28318

Advisory/Mitigation
H score52 First: 06.06.2026 11:14 Last: 06.06.2026 11:14 Sources 1

About this happening: **SolarWinds Serv-U** mitigation guidance now covers **CVE-2026-28318**, reducing **unauthenticated DoS** risk from specially crafted POST requests. SolarWinds says the flaw is ad...

FortiClient EMS CVE-2026-35616 exploitation wave

Exploitation Wave
H score56 First: 28.05.2026 18:26 Last: 28.05.2026 18:26 Sources 1

About this happening: **CVE-2026-35616** exploitation in **FortiClient Enterprise Management Server (EMS)** is being used to deliver the undocumented credential stealer **EKZ**. Attackers are abusing u...

Timeline

  1. 14.01.2026 20:51 2 articles · 5mo ago

    Public exploit and technical details published for CVE-2025-25256 in FortiSIEM

    Technical Analysis Update

    Horizon3.ai published technical details, a detailed write-up, indicators of compromise, and a demonstrative exploit for CVE-2025-25256 in Fortinet FortiSIEM, describing how exposed phMonitor command handlers can be reached remotely without authentication through crafted TCP requests to execute unauthorized code or commands and potentially reach root access. Fortinet said supported FortiSIEM releases are patched, while FortiSIEM 7.0 and 6.7.0 remain unsupported and unfixed, and advised limiting access to phMonitor port 7900 for systems that cannot be updated immediately.

    Show sources