Critical Fortinet FortiSIEM Flaw Now Exploited in Attacks
⚠️ Researchers disclosed that a critical Fortinet FortiSIEM vulnerability (CVE-2025-64155) with public proof-of-concept code is being abused in active attacks. Horizon3.ai described the issue as an unauthenticated OS command injection via exposed phMonitor command handlers that enables arbitrary writes and escalation to root, and Fortinet released security updates plus a port-restriction workaround for phMonitor (7900). Administrators should upgrade affected FortiSIEM versions 6.7 through 7.5 to the patched releases and review phMonitor logs for indicators of compromise.
