FortiSIEM phMonitor Command Injection: CVE-2025-64155
⚠️ A critical command injection vulnerability in Fortinet FortiSIEM (phMonitor, tracked as CVE-2025-64155) enables unauthenticated attackers to inject commands and write files that are executed as the root user. Exploit code was disclosed publicly after a responsible disclosure to Fortinet in August 2025, and researchers warn the flaw may have allowed remote root access for nearly three years. Fortinet has released patched builds and advises restricting access to TCP port 7900 and applying updates immediately.
