Alerts
Critical Vulnerability in FortiSIEM
15 January 2026
Fortinet has released security updates to address critical vulnerabilities affecting their FortiSIEM product. Users and administrators of affected product versions are advised to update to the latest version immediately.
Background
Fortinet has released security updates to address critical vulnerabilities (CVE-2025-64155) affecting FortiSIEM. The vulnerability has a Common Vulnerability Scoring System (CVSS v3.1) score of 9.8 out of 10.
Impact
Successful exploitation of this Operating System (OS) command injection vulnerability could allow an unauthenticated attacker to execute arbitrary code or commands through specially crafted TCP requests.
Affected Products
The vulnerabilities affect the following product versions:
FortiSIEM 7.4.0
FortiSIEM 7.3.0 through 7.3.4
FortiSIEM 7.2.0 through 7.2.6
FortiSIEM 7.1.0 through 7.1.8
FortiSIEM 7.0.0 through 7.0.4
FortiSIEM 6.7.0 through 6.7.10
Known Exploitation
Exploit code for this vulnerability is publicly available.
Mitigation
Users and administrators of affected products are advised to update the affected products to the latest version immediately.
For versions 7.0.x and 6.7.x, users should migrate to a fixed release.
Workaround
If patching is not immediately possible, administrators may consider the following:
Implement network or host-based firewall rules to restrict access to the FortiSIEM server
Specifically block or tightly limit access to the phMonitor service on TCP port 7900
Ensure FortiSIEM services are only reachable from trusted administrative networks
References
https://nvd.nist.gov/vuln/detail/CVE-2025-64155
https://fortiguard.fortinet.com/psirt/FG-IR-25-772
https://horizon3.ai/attack-research/vulnerabilities/cve-2025-64155-fortinet-fortisiem/