August 13, 2025 By Pierluigi Paganini
Fortinet warns of a critical FortiSIEM vulnerability, tracked as CVE-2025-25256, that is actively exploited in attacks in the wild.
Fortinet warns customers of a critical vulnerability, tracked as CVE-2025-25256 (CVSS score of 9.8), affecting FortiSIEM for which an exploit exists in the wild.
Fortinet gave no details about the exploit, noting it leaves no clear Indicators of Compromise (IoCs).
The flaw is an OS command injection flaw that could allow unauthenticated attackers to run arbitrary code or commands via crafted CLI requests.
