System administrators are being urged to quickly address a critical vulnerability in Fortinet’s FortiSIEM solution, as exploit code is actively circulating. The vulnerability, identified as CVE-2025-25256, allows for privilege escalation and has a high CVSS score of 9.8. It involves improper neutralization of special elements in OS commands, enabling unauthorized code execution through crafted CLI requests. The exploit code, found in the wild, lacks distinctive indicators of compromise, complicating detection and containment efforts. FortiSIEM, a platform for security operations teams, is widely used by medium to large enterprises, making these organizations potential targets. Fortinet products are frequently targeted by threat actors, often in ransomware attacks. A recent report noted a significant increase in brute-force attacks on Fortinet SSL VPNs, suggesting a possible link to new vulnerabilities. This activity, involving over 780 unique IPs, may indicate an impending disclosure of additional vulnerabilities in Fortinet products.
Is There an Exploit Code Threat for Fortinet’s Critical Vulnerability?
