Patch now! Attacks on Fortinet IT security solutions may be imminent
Because exploit code is in circulation, attacks on FortiSIEM and FortiWeb firewalls are likely. Security patches are available.
(Image: Sashkin/Shutterstock.com)
Network admins who manage Fortinet IT security solutions should ensure that the latest updates are installed. Exploit code is currently making the rounds and attackers are very likely to attack FortiSIEM and FortiWeb in the near future. Successful attacks can have far-reaching consequences.
Dangerous security vulnerabilities
Both vulnerabilities (FortiSIEM CVE-2025-25256 "critical", FortiWeb CVE-2025-52970 "high") were closed by the Fortinet developers on the latest patch day. Shortly afterwards, they warned that exploit code to exploit the gap in FortiSIEM is in circulation.
Because certain inputs are not sufficiently checked, attackers can use crafted CLI requests to exploit the vulnerability. If an attack succeeds, attackers can execute their own code. Accordingly, it can be assumed that systems are then completely compromised.
Videos by heise
According to a warning message, FortiSIEM 7.4 is not affected by this. The versions 6.7.10, 7.0.4, 7.1.8, 7.2.6 and 7.3.2 are secured. Support for FortiSIEM 6.2 to 6.6 has expired and these versions will no longer receive security updates. At this point, attackers must upgrade to a version that is still supported.
Access without login
If attackers successfully exploit the gap in FortiWeb, they can manipulate a private key in order to subsequently generate legitimate authentication cookies. Equipped with this, they can then even access instances as an admin. A security researcher has now published exploit code for this. He has named the vulnerability FortMajeure. He provides technical details in a blog post. (des)
