Skip to main content
A Singapore Government Agency Website How to identify
Official website links end with .gov.sg
Government agencies communicate via .gov.sg websites (e.g. go.gov.sg/open). Trusted websites
Secure websites use HTTPS
Look for a lock () or https:// as an added precaution. Share sensitive information only on official, secure websites.

Government officials will never ask you to transfer money or disclose bank log-in details over a phone call.

Call the 24/7 ScamShield Helpline at 1799 if you are unsure if something is a scam.

Cyber Security Agency of Singapore
Alerts

Critical Vulnerability in FortiSIEM

15 January 2026

Fortinet has released security updates to address critical vulnerability affecting their FortiSIEM product. Users and administrators of affected product versions are advised to update to the latest version immediately.

Background

Fortinet has released security updates to address critical vulnerability (CVE-2025-64155) affecting FortiSIEM. The vulnerability has a Common Vulnerability Scoring System (CVSS v3.1) score of 9.8 out of 10. 

Impact

Successful exploitation of this Operating System (OS) command injection vulnerability could allow an unauthenticated attacker to execute arbitrary code or commands through specially crafted TCP requests.

Affected Products

The vulnerability affect the following product versions:

  • FortiSIEM 7.4.0

  • FortiSIEM 7.3.0 through 7.3.4

  • FortiSIEM 7.2.0 through 7.2.6

  • FortiSIEM 7.1.0 through 7.1.8

  • FortiSIEM 7.0.0 through 7.0.4

  • FortiSIEM 6.7.0 through 6.7.10

Known Exploitation

Exploit code for this vulnerability is publicly available.

Mitigation

Users and administrators of affected products are advised to update the affected products to the latest version immediately.

For versions 7.0.x and 6.7.x, users should migrate to a fixed release.

Workaround

If patching is not immediately possible, administrators may consider the following:

  • Implement network or host-based firewall rules to restrict access to the FortiSIEM server

  • Specifically block or tightly limit access to the phMonitor service on TCP port 7900

  • Ensure FortiSIEM services are only reachable from trusted administrative networks

References

https://nvd.nist.gov/vuln/detail/CVE-2025-64155

https://fortiguard.fortinet.com/psirt/FG-IR-25-772

https://horizon3.ai/attack-research/vulnerabilities/cve-2025-64155-fortinet-fortisiem/

https://www.esentire.com/security-advisories/critical-fortinet-fortisiem-vulnerability-cve-2025-64155-disclosed

https://github.com/horizon3ai/CVE-2025-64155

Back to top