More Problems for Fortinet: Critical FortiSIEM Flaw Exploited

More Problems for Fortinet: Critical FortiSIEM Flaw Exploited

CVE-2025-64155, a critical command injection vulnerability, was disclosed on January 13th and immediately targeted by multiple actors. The vulnerability has a CVSS score of 9.4, indicating its severity.

Modern security information and event management (SIEM) systems are intended to be the central nervous system for security monitoring, but vulnerabilities like this demonstrate the risk of exposing management interfaces. The rapid exploitation highlights the challenge of patching at scale, with potential for significant compromise across a large customer base.

Key Insights

• CVE-2025-64155 exploitation began almost immediately after public disclosure, 2026.
• FortiSIEM’s phMonitor service has been a recurring source of vulnerabilities: CVE-2024-23108 and CVE-2023-34992.
• Horizon3 discovered and reported CVE-2025-64155, also providing a proof-of-concept exploit.

Practical Applications

• Use Case: Security teams using FortiSIEM must prioritize patching to versions 6.7 through 7.4 to mitigate RCE risk.
• Pitfall: Relying on network segmentation alone is insufficient; exposed management interfaces require rigorous authentication and access control.

References:

• https://www.darkreading.com/vulnerabilities-threats/fortinet-critical-fortisiem-flaw-exploited