FortiSIEM command injection flaw (CVE-2025-25256)

Type: Vulnerability
Happening score (H score): 43
1 unique source, 1 article

Summary

CVE-2025-25256 in Fortinet FortiSIEM now has public exploit code and technical details, raising the risk of remote, unauthenticated code or command execution on affected systems. Fortinet says the flaw is patched in supported releases, while older 6.7.0 and 7.0 branches remain unsupported and unfixed. A temporary mitigation is to restrict access to the phMonitor service on port 7900.

Related Happenings

PAN-OS User-ID Authentication Portal mitigation guidance (CVE-2026-0300)

Advisory/Mitigation
First: 06.05.2026 09:14 Last: 06.05.2026 09:14 Sources 1

About this happening: Palo Alto Networks issued **mitigation guidance** for **CVE-2026-0300** after the **PAN-OS User-ID Authentication Portal** flaw was reported **exploited in the wild**, leaving pub...

CyberStrikeAI observed on attacker infrastructure supporting FortiGate attack automation

Security Tool/Service
First: 03.03.2026 02:06 Last: 03.03.2026 02:06 Sources 1

About this happening: **CyberStrikeAI** was observed on **attacker infrastructure** supporting a live **Fortinet FortiGate** attack campaign, showing the platform can be repurposed for offensive automa...

FortiGate exposed management interface exploitation wave

Exploitation Wave
First: 21.02.2026 16:49 Last: 21.02.2026 16:49 Sources 1

About this happening: **FortiGate** management interfaces were hit by an **automated exploitation wave** that abused **internet-exposed ports** and **commonly reused credentials** to compromise **600+...

CISA KEV remediation deadline for SolarWinds WHD CVE-2025-40551

Public Sector Action
First: 04.02.2026 07:50 Last: 04.02.2026 07:50 Sources 1

About this happening: **CISA** added **CVE-2025-40551** in **SolarWinds Web Help Desk** to the **KEV catalog** and imposed **federal remediation deadlines**, turning a newly exploited flaw into a compl...

Quiz and Survey Master SQL injection mitigation (CVE-2025-67987)

Advisory/Mitigation
First: 03.02.2026 18:15 Last: 03.02.2026 18:15 Sources 1

About this happening: **Patchstack** published mitigation guidance for **CVE-2025-67987**, directing administrators to update **Quiz and Survey Master** to **version 10.3.2** to close a **SQL injection...

Timeline

  1. 14.01.2026 20:51 2 articles · 4mo ago

    Public exploit and technical details published for CVE-2025-25256 in FortiSIEM

    Technical Analysis Update

    Horizon3.ai published technical details, a detailed write-up, indicators of compromise, and a demonstrative exploit for CVE-2025-25256 in Fortinet FortiSIEM, describing how exposed phMonitor command handlers can be reached remotely without authentication through crafted TCP requests to execute unauthorized code or commands and potentially reach root access. Fortinet said supported FortiSIEM releases are patched, while FortiSIEM 7.0 and 6.7.0 remain unsupported and unfixed, and advised limiting access to phMonitor port 7900 for systems that cannot be updated immediately.
