Tracked as CVE-2025-64155, the issue stems from improper neutralization of special elements in OS commands (CWE-78) within the phMonitor component on port 7900. Attackers can craft malicious TCP requests to Super and Worker nodes, potentially resulting in full-system compromise.
With a CVSS v3.1 base score of 9.4 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), the vulnerability is rated Critical due to its network accessibility, low complexity, and lack of required privileges.
No user interaction is required, and exploitation could result in remote code execution, data theft, or persistence in environments that rely on FortiSIEM for security information and event management.
This flaw affects multiple FortiSIEM branches but leaves Collector nodes unaffected. Fortinet urges immediate upgrades or migrations, with a workaround of restricting access to TCP port 7900 via firewalls.
| Version | Affected Releases | Solution |
|---|---|---|
| FortiSIEM Cloud | Not affected | Not Applicable |
| FortiSIEM 7.5 | Not affected | Not Applicable |
| FortiSIEM 7.4 | 7.4.0 | Upgrade to 7.4.1 or above |
| FortiSIEM 7.3 | 7.3.0 through 7.3.4 | Upgrade to 7.3.5 or above |
| FortiSIEM 7.2 | 7.2.0 through 7.2.6 | Upgrade to 7.2.7 or above |
| FortiSIEM 7.1 | 7.1.0 through 7.1.8 | Upgrade to 7.1.9 or above |
| FortiSIEM 7.0 | 7.0.0 through 7.0.4 | Migrate to a fixed release |
| FortiSIEM 6.7 | 6.7.0 through 6.7.10 | Migrate to a fixed release |
Organizations running vulnerable versions in production face elevated risks, especially in hybrid or on-premises SIEM deployments.
Security researcher Zach Hanley (@hacks_zach) of Horizon3.ai responsibly reported the bug under Fortinet’s program. The advisory (FG-IR-25-772) appeared on Fortinet’s PSIRT page, with NVD details pending full analysis. No evidence of active exploitation has surfaced yet, but the unauthenticated nature demands urgency.
Fortinet recommends auditing logs for anomalous TCP/7900 traffic and applying patches promptly. This incident underscores the need for least-privilege network segmentation in SIEM architectures.
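One way to audit flow logs for unexpected TCP/7900 traffic, as an added example that is not from Fortinet or the original article. The CSV log format, node addresses and source allowlist are constructed assumptions standing in for your own deployment's values.

```python
import csv
import io
import ipaddress
from collections import Counter

PHMONITOR_PORT = 7900  # phMonitor port named in the advisory

# Constructed assumptions: Super/Worker node addresses and the networks that
# are expected to reach phMonitor in this hypothetical deployment.
SIEM_NODES = {ipaddress.ip_address(a) for a in ("10.20.0.10", "10.20.0.11")}
ALLOWED_SOURCES = [ipaddress.ip_network(n) for n in ("10.20.0.0/28", "10.30.5.0/24")]

# Constructed flow-log sample, fields: time,src,dst,dport,action
SAMPLE_LOG = """\
2026-01-14T09:00:01Z,10.20.0.11,10.20.0.10,7900,accept
2026-01-14T09:00:07Z,10.30.5.21,10.20.0.10,7900,accept
2026-01-14T09:02:13Z,203.0.113.45,10.20.0.10,7900,accept
2026-01-14T09:02:14Z,203.0.113.45,10.20.0.11,7900,deny
2026-01-14T09:03:40Z,192.168.77.9,10.20.0.11,7900,accept
2026-01-14T09:04:02Z,203.0.113.45,10.20.0.10,443,accept
not,a,valid,row
"""

def find_unexpected_7900(log_text):
    """Return (findings, skipped) for flows to phMonitor from non-allowlisted sources."""
    findings, skipped = [], 0
    for row in csv.reader(io.StringIO(log_text)):
        try:
            ts, src, dst, dport, action = (field.strip() for field in row)
            src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
            dport = int(dport)
        except ValueError:
            skipped += 1  # malformed line: count it instead of dropping it silently
            continue
        allowed = any(src in net for net in ALLOWED_SOURCES)
        if dport == PHMONITOR_PORT and dst in SIEM_NODES and not allowed:
            # An accepted flow means the port-7900 restriction is not in effect.
            severity = "high" if action.lower() == "accept" else "info"
            findings.append({"time": ts, "src": str(src), "dst": str(dst),
                             "action": action, "severity": severity})
    return findings, skipped

def summarize(findings):
    """Count accepted unexpected flows per source to prioritise review."""
    return Counter(f["src"] for f in findings if f["severity"] == "high")

if __name__ == "__main__":
    results, bad_rows = find_unexpected_7900(SAMPLE_LOG)
    print(results, dict(summarize(results)), f"skipped={bad_rows}", sep="\n")
```

Denied flows are reported at `info` severity because they show the firewall workaround holding, while accepted flows from outside the allowlist are the ones to investigate first.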
The post Critical FortiSIEM Vulnerability Lets Attackers Run Arbitrary Commands via TCP Packets appeared first on Cyber Security News.