Fortinet Patches Critical Flaws in FortiOS, FortiSIEM, and More

Fortinet has rolled out important security updates to tackle various vulnerabilities affecting products like FortiOS, FortiSIEM, FortiFone, and FortiSwitchManager. Some of these vulnerabilities are classified as critical and can be exploited by attackers without needing authentication.

The most serious issue is found in FortiSIEM, where unauthorized users could execute arbitrary commands by sending specially crafted network requests. Additionally, FortiFone has a critical vulnerability that could expose sensitive configuration details via its web portal.

Fortinet has also fixed a significant buffer overflow problem in the cw_acd daemon associated with FortiOS and similar products. Administrators are advised to apply these updates immediately or transition to the patched versions.

Affected Versions and Patch
Versions 7.4 and earlier of FortiSIEM with phMonitor services accessible on the network are vulnerable. Fortinet has addressed this issue in versions 7.3.2 and later, including 7.2.6, 7.1.8, 7.0.4, and 6.7.10+. The update resolves the argument injection problem in the phMonitor service.

Mitigations
While applying updates, it’s essential to minimize exposure by limiting network or host access to FortiSIEM, and by blocking or restricting access to the phMonitor service on TCP port 7900.

References
CVE-2025-64155 - NVD

https://horizon3.ai/attack-research/vulnerabilities/cve-2025-64155-fortinet-fortisiem/