Critical Fortinet Vulnerability Actively Exploited, Underscoring Need for Updates
BleepingComputer
|
Contributed by: Drex DeFord
Summary
Fortinet has alerted users to a critical remote unauthenticated command injection vulnerability (CVE-2025-25256) in its FortiSIEM product, impacting versions 5.4 to 7.3. With a high CVSS score of 9.8, this flaw allows attackers to execute unauthorized commands without authentication, posing a significant risk to organizations such as healthcare providers that rely on FortiSIEM for security operations. The exploitation of this vulnerability is difficult to detect, as it doesn't produce clear indicators of compromise. Healthcare professionals should prioritize patching affected systems to mitigate potential breaches and protect sensitive data.
