Patchday Fortinet: Unauthorized access to firewalls possible
Security updates close vulnerabilities in FortiManager, FortiPAM and FortiWeb, among others.
(Image: Artur Szczybylo/Shutterstock.com)
Attackers can gain unauthorized access to Fortinet firewalls. The provider of IT security solutions has also closed further vulnerabilities in various products.
Critical code-execution vulnerability
According to a warning message, a "critical" vulnerability (CVE-2025-25256) in the IT security solution FortiSIEM is the most dangerous. Here, attackers can execute malicious code without authentication using crafted CLI requests. Given the severity rating, it can be assumed that attackers gain full control of the system after a successful attack.
As support for FortiSIEM 5.x and all versions up to and including 6.6 has expired, these versions no longer receive security updates. Versions 6.7.10, 7.0.4, 7.1.8, 7.2.6, and 7.3.2 are protected against the described attack. FortiSIEM 7.4 is said not to be affected.
Firewalls can be compromised
As a security researcher writes in an article, attackers can bypass the authentication of FortiWeb firewalls. The vulnerability lies in the out-of-band (OOB) management access, specifically in its handling of cookies.
According to the description, attackers can force the server to use a predictable, and therefore no longer secret, key for a session. According to Fortinet, attackers need specially crafted requests to exploit the flaw; they can then access the firewall in the name of an existing user.
According to the developers, FortiWeb 8.0 is not affected. For the 7.x editions, the security updates 7.0.11, 7.2.11, 7.4.8, and 7.6.4 are available for download.
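The FortiWeb flaw described above comes down to a session key an attacker can predict. The following Python script is an added illustration of that flaw class, not FortiWeb code and not the researcher's proof of concept: it models a toy server whose session cookies are an HMAC over the user name, and a flawed variant in which a client-supplied `seed` parameter replaces the random per-instance seed that the key is derived from. The cookie format, the `derive_session_key` scheme and the `seed` parameter are assumptions chosen to make the mechanism visible; the attacker is assumed to know the derivation (for example from firmware analysis), which is realistic, since only the seed was ever meant to be secret.

```python
"""Why a predictable session key lets an attacker act as an existing user.

Added illustration, not FortiWeb code. The cookie format, the key
derivation and the 'seed' request parameter are assumptions chosen to
model the flaw class described in the article.
"""
import hashlib
import hmac
import secrets


def sign_cookie(username: str, key: bytes) -> str:
    """Session cookie = username + HMAC-SHA256 over it (assumed format)."""
    mac = hmac.new(key, username.encode(), hashlib.sha256).hexdigest()
    return f"{username}.{mac}"


def verify_cookie(cookie: str, key: bytes):
    """Return the username the cookie vouches for, or None if the MAC is bad."""
    username, sep, mac = cookie.rpartition(".")
    if not sep:
        return None
    expected = hmac.new(key, username.encode(), hashlib.sha256).hexdigest()
    return username if hmac.compare_digest(mac, expected) else None


def derive_session_key(seed: bytes) -> bytes:
    """Key derivation used by both sides; assumed known to the attacker
    (e.g. recovered from firmware). Only secure while `seed` stays secret."""
    return hashlib.sha256(b"session-key|" + seed).digest()


class Server:
    """Toy login endpoint. With flawed=True a client-supplied 'seed'
    parameter overrides the random per-instance seed (the assumed flaw)."""

    def __init__(self, flawed: bool):
        self.flawed = flawed
        self._seed = secrets.token_bytes(32)  # the value that must stay secret

    def key_for(self, request: dict) -> bytes:
        seed = self._seed
        if self.flawed and "seed" in request:
            seed = str(request["seed"]).encode()  # predictable, attacker-chosen
        return derive_session_key(seed)

    def login(self, username: str, request: dict) -> str:
        """Issue a cookie for a user who authenticated (not modelled)."""
        return sign_cookie(username, self.key_for(request))

    def whoami(self, cookie: str, request: dict):
        """Identity the server attributes to the request, or None."""
        return verify_cookie(cookie, self.key_for(request))


def forge_session(server: Server, victim: str):
    """Attacker never logs in: forces a known seed, computes the resulting
    key locally and mints a cookie for `victim`. Returns the cookie if the
    server accepts it, otherwise None."""
    request = {"seed": 1}
    forged = sign_cookie(victim, derive_session_key(b"1"))
    return forged if server.whoami(forged, request) == victim else None


if __name__ == "__main__":
    print("flawed server accepts forged admin cookie:",
          forge_session(Server(flawed=True), "admin") is not None)
    print("fixed server accepts forged admin cookie:",
          forge_session(Server(flawed=False), "admin") is not None)
```

The point of the two runs is that nothing about the HMAC itself is broken: the same `verify_cookie` rejects the forged cookie as soon as the seed is no longer attacker-controlled. When reviewing session handling, the question to ask is therefore not only whether the cookie is signed or encrypted, but where every input to the key derivation comes from and whether any of it can be influenced by the client.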
Further threats
Attacks on FortiCamera, FortiMail, and FortiPAM, among others, are also conceivable. There, attackers can execute their own commands or access data that should be protected.
(des)