VulnHub

Real-time Cybersecurity News

PoC exploit for critical FortiSIEM vulnerability released (CVE-2025-64155)

Help Net Security
Actively Exploited
CVEFortinetExploitVulnerabilityPatchCritical

Overview

A serious vulnerability, identified as CVE-2025-64155, has been discovered in Fortinet’s FortiSIEM security platform, allowing unauthenticated remote attackers to execute unauthorized code. This flaw specifically affects the phMonitor service, which is crucial for the operation of FortiSIEM. The release of proof-of-concept (PoC) exploit code has heightened concerns, urging organizations using this software to apply patches immediately. If not addressed, this vulnerability could lead to significant security risks, as attackers could manipulate the system remotely. Organizations should prioritize patching their FortiSIEM deployments to safeguard against potential exploitation.

Key Takeaways

  • Active Exploitation: This vulnerability is being actively exploited by attackers. Immediate action is recommended.
  • Affected Systems: Fortinet FortiSIEM security platform
  • Action Required: Organizations should immediately apply patches provided by Fortinet for FortiSIEM to mitigate the vulnerability.
  • Timeline: Newly disclosed

Original Article Summary

A critical vulnerability (CVE-2025-64155) in Fortinet’s FortiSIEM security platform has now been accompanied by publicly released proof-of-concept (PoC) exploit code, raising the urgency for organizations to patch immediately. About CVE-2025-64155 CVE-2025-64155 may allow unauthenticated, remote attackers to execute unauthorized code or commands on vulnerable FortiSIEM deployments via specially crafted TCP requests. “This flaw targets the phMonitor service, the ‘nervous system’ of the SIEM, allowing attackers to write arbitrary code into a file executed as the … More → The post PoC exploit for critical FortiSIEM vulnerability released (CVE-2025-64155) appeared first on Help Net Security.

Impact

Fortinet FortiSIEM security platform

Exploitation Status

This vulnerability is confirmed to be actively exploited by attackers in real-world attacks. Organizations should prioritize patching or implementing workarounds immediately.

Timeline

Newly disclosed

Remediation

Organizations should immediately apply patches provided by Fortinet for FortiSIEM to mitigate the vulnerability. Specific patch numbers or versions were not mentioned in the article, so users should check Fortinet's official site for the latest updates.

Additional Information

This threat intelligence is aggregated from trusted cybersecurity sources. For the most up-to-date information, technical details, and official vendor guidance, please refer to the original article linked below.

Related Topics: This incident relates to CVE, Fortinet, Exploit, and 3 more.

Read Original Article

Related Coverage

Fortinet Warns of New FortiWeb CVE-2025-58034 Vulnerability Exploited in the Wild

The Hacker News

Fortinet has issued a warning regarding a medium-severity vulnerability in FortiWeb, tracked as CVE-2025-58034, which has been actively exploited in the wild. The flaw, categorized as an OS Command Injection vulnerability, could allow authenticated attackers to execute arbitrary commands on affected systems.

Nov 19, 2025

Fortinet Woes Continue With Another WAF Zero-Day Flaw

darkreading

Fortinet is facing significant challenges as a second zero-day vulnerability in its web application firewall (WAF) has been discovered and is under attack. This situation raises concerns about the vendor's disclosure practices and the overall security of their products.

Nov 19, 2025

⚡ Weekly Recap: Fortinet Exploit, Chrome 0-Day, BadIIS Malware, Record DDoS, SaaS Breach & More

The Hacker News

This week, significant cybersecurity threats emerged as hackers exploited new 0-day vulnerabilities in Fortinet and Chrome, infiltrating supply chains and SaaS tools. The rapid response from major companies like Microsoft, Salesforce, and Google highlights the severity of these attacks and the ongoing challenges in securing trusted applications and software updates.

Nov 24, 2025

MuddyWater Deploys UDPGangster Backdoor in Targeted Turkey-Israel-Azerbaijan Campaign

The Hacker News

The Iranian hacking group MuddyWater has deployed a new backdoor known as UDPGangster, which utilizes the User Datagram Protocol for command-and-control operations. This targeted cyber espionage campaign is focused on users in Turkey, Israel, and Azerbaijan, highlighting the ongoing threat posed by state-sponsored hacking groups in the region.

Dec 8, 2025

In-the-Wild Exploitation of Fresh Fortinet Flaws Begins

SecurityWeek

Cybercriminals are currently exploiting two serious authentication bypass vulnerabilities in FortiGate appliances. These flaws allow unauthorized access to systems, putting sensitive data at risk for organizations using these devices. Fortinet has confirmed that these vulnerabilities are being actively exploited in the wild, making it urgent for users to take action. Companies that rely on FortiGate appliances should prioritize applying available patches and updates to protect against potential intrusions. The situation underscores the need for vigilance in maintaining security measures, especially with rapidly evolving threats.

Dec 16, 2025

Fortinet FortiGate Under Active Attack Through SAML SSO Authentication Bypass

The Hacker News

Fortinet FortiGate devices are currently under active attack due to two recently disclosed vulnerabilities, CVE-2025-59718 and CVE-2025-59719, which allow for authentication bypass through malicious single sign-on (SSO) logins. Cybersecurity firm Arctic Wolf reported observing these attacks on December 12, 2025, just days after the vulnerabilities were made public. This situation poses significant risks for organizations using FortiGate appliances, as attackers can potentially gain unauthorized access to sensitive systems. Companies using these devices should take immediate action to protect their networks and data from these ongoing intrusions.

Dec 16, 2025