Fortinet released fixes for a critical severity ortiSIEM vulnerability (CVE-2025-64155) that stems from improper neutralization of special elements used in OS commands within the phMonitor service (TCP/7900).

ArcticWolf's platform is a central hub for cybersecurity professionals, offering insights into managed detection and response (MDR), threat intelligence, and security operations. Through articles, reports, and webinars, ArcticWolf offers insights into detecting and responding to cybersecurity threats effectively. Security analysts can learn about threat hunting, incident response strategies, and security best practices to protect organizations from cyberattacks.

Arctic Wolf

Fortinet patched a critical FortiSIEM vulnerability (CVE-2025-64155) allowing unauthenticated remote code execution through command injection in the phMonitor service. The flaw enables full system takeover with privilege escalation from admin to root. While not yet exploited in the wild, a public proof-of-concept exists. Affected versions span FortiSIEM 6.7 through 7.4, with patches available. Organizations should upgrade immediately, isolate FortiSIEM from the internet, and restrict access to TCP port 7900 if patching is delayed.

CVE-2025-64155

Isolate FortiSIEM Instances From the Internet