Fortra is actively researching an OS command injection vulnerability (improper neutralization of special elements used in an OS command, CWE-78) in FortiSIEM. The flaw may allow an unauthenticated, remote attacker to execute unauthorized code or commands via crafted CLI requests.
CVE | CVSS v3.1 Vector | Score (Severity) |
---|---|---|
CVE-2025-25256 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 9.8 (Critical) |
Who is affected?
CVE-2025-25256 impacts the following versions of FortiSIEM:
- FortiSIEM 7.3.0 - 7.3.1
- FortiSIEM 7.2.0 - 7.2.5
- FortiSIEM 7.1.0 - 7.1.7
- FortiSIEM 7.0.0 - 7.0.3
- FortiSIEM 6.7.0 - 6.7.9
- FortiSIEM 6.6 - all versions
- FortiSIEM 6.5 - all versions
- FortiSIEM 6.4 - all versions
- FortiSIEM 6.3 - all versions
- FortiSIEM 6.2 - all versions
- FortiSIEM 6.1 - all versions
- FortiSIEM 5.4 - all versions
What can I do?
Until a fixed release is installed, customers should restrict access to the phMonitor port (7900) so that only the FortiSIEM nodes that legitimately communicate over it (Supervisor, Worker and Collector nodes) can reach it; the port must not be reachable from the internet or from general user networks. This is a workaround, not a fix: it narrows who can send requests to the vulnerable service, and the upgrade listed below is still required.
The vendor has released the following updates to resolve this vulnerability:
Affected Versions | Fixed Releases (Upgrade to these versions) |
---|---|
FortiSIEM 7.3.0 - 7.3.1 | 7.3.2 or above |
FortiSIEM 7.2.0 - 7.2.5 | 7.2.6 or above |
FortiSIEM 7.1.0 - 7.1.7 | 7.1.8 or above |
FortiSIEM 7.0.0 - 7.0.3 | 7.0.4 or above |
FortiSIEM 6.7.0 - 6.7.9 | 6.7.10 or above |
FortiSIEM 6.6 and all lower versions | Migrate to a fixed release |
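The workaround and the version tables above, as an added example that is not Fortra's or Fortinet's code: a POSIX shell script that classifies a FortiSIEM version string against the affected ranges listed on this page, checks a line of `ss -ltn` output for phMonitor listening on a wildcard address, and prints iptables rules that confine port 7900 to an allowlist of peers. Assumptions: version strings look like `7.2.5` or `6.6`; phMonitor is TCP (the page gives only the port number); iptables is the host firewall; the peer addresses 10.0.0.2 and 10.0.0.3 and the `ss` line are constructed for the demo.

```shell
#!/bin/sh
# Added example, not Fortra's or Fortinet's code. Triage a FortiSIEM version
# string against the affected/fixed ranges listed above for CVE-2025-25256,
# check whether phMonitor (port 7900) is bound to a wildcard address, and
# emit host-firewall rules that limit the port to an allowlist of peers.
# Assumptions: version strings look like "7.2.5" or "6.6"; phMonitor is TCP
# (the advisory gives only the port number); iptables is the host firewall.

# Exit 0 if the version falls in an affected range, 1 if it is a fixed release
# (7.3.2+, 7.2.6+, 7.1.8+, 7.0.4+, 6.7.10+) or a later branch not listed.
fortisiem_vulnerable() {
    ver="$1"
    major=${ver%%.*}
    rest=${ver#*.}
    minor=${rest%%.*}
    patch=${rest#*.}
    [ "$patch" = "$rest" ] && patch=0      # "6.6": no patch component
    patch=${patch%%[!0-9]*}                # "5-build123" -> "5"
    : "${patch:=0}"                        # non-numeric patch -> 0
    case "$major.$minor" in
        7.3) [ "$patch" -le 1 ] ;;
        7.2) [ "$patch" -le 5 ] ;;
        7.1) [ "$patch" -le 7 ] ;;
        7.0) [ "$patch" -le 3 ] ;;
        6.7) [ "$patch" -le 9 ] ;;
        # 6.6 and every lower branch (6.1-6.6, 5.4): affected, migrate
        *)   [ "$major" -lt 6 ] || { [ "$major" -eq 6 ] && [ "$minor" -le 6 ]; } ;;
    esac
}

# Exit 0 if a line of `ss -ltn` output shows port 7900 listening on a wildcard
# address (0.0.0.0, *, or [::]), i.e. reachable on every interface.
phmonitor_wildcard_listen() {
    printf '%s\n' "$1" |
        grep -Eq '(^|[[:space:]])(\*|0\.0\.0\.0|\[::\]):7900([[:space:]]|$)'
}

# Print iptables commands that allow TCP/7900 only from the listed peers
# (space-separated) and drop everything else. Printed rather than executed
# so the rules can be reviewed; pipe into sh on the host to apply them.
phmonitor_rules() {
    peers="$1"
    echo "iptables -N PHMONITOR 2>/dev/null || iptables -F PHMONITOR"
    for peer in $peers; do
        echo "iptables -A PHMONITOR -s $peer -p tcp --dport 7900 -j ACCEPT"
    done
    echo "iptables -A PHMONITOR -p tcp --dport 7900 -j DROP"
    echo "iptables -C INPUT -p tcp --dport 7900 -j PHMONITOR 2>/dev/null ||" \
         "iptables -I INPUT -p tcp --dport 7900 -j PHMONITOR"
}

# Usage demo with constructed inputs: a version from the affected table, a
# constructed `ss -ltn` line, and two hypothetical peer addresses. On a real
# host replace the constructed line with "$(ss -Hltn 'sport = :7900')".
ver="${FORTISIEM_VERSION:-7.2.5}"
if fortisiem_vulnerable "$ver"; then
    echo "FortiSIEM $ver is in an affected range for CVE-2025-25256"
    if phmonitor_wildcard_listen "LISTEN 0 128 0.0.0.0:7900 0.0.0.0:*"; then
        echo "phMonitor listens on a wildcard address; restricting to peers:"
        phmonitor_rules "10.0.0.2 10.0.0.3"
    fi
else
    echo "FortiSIEM $ver is not in an affected range for this CVE"
fi
```

Apply the rules on the FortiSIEM host or, preferably, on an upstream firewall, and keep the allowlist to the other FortiSIEM nodes that actually talk to phMonitor. The rules only narrow who can reach the service; they do not change the vulnerable code, so the upgrade in the table above is still required.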
Additional information can be found at:
- Vendor Advisory: PSIRT - FortiGuard Labs
- NIST Advisory: NVD - CVE-2025-25256
How is Fortra helping me?
Fortra is actively researching this threat to build detection capabilities.
Updates
Fortra has kicked off the Emerging Threats process for this vulnerability. This article will be updated as new information about it and related security coverage becomes available.