=====================================================================
CERT-Renater Note d'Information No. 2025/VULN509
_____________________________________________________________________

DATE                 : 13/08/2025
HARDWARE PLATFORM(S) : /
OPERATING SYSTEM(S)  : Systems running FortiSIEM versions prior to
                       7.3.2, 7.2.6, 7.1.8, 7.0.4, 6.7.10.
=====================================================================

https://www.fortiguard.com/psirt/FG-IR-25-152
_____________________________________________________________________

Remote unauthenticated command injection

Summary

An improper neutralization of special elements used in an OS command
('OS Command Injection') vulnerability [CWE-78] in FortiSIEM may allow
an unauthenticated attacker to execute unauthorized code or commands
via crafted CLI requests.

Practical exploit code for this vulnerability was found in the wild.

Version          Affected                Solution
FortiSIEM 7.4    Not affected            Not Applicable
FortiSIEM 7.3    7.3.0 through 7.3.1     Upgrade to 7.3.2 or above
FortiSIEM 7.2    7.2.0 through 7.2.5     Upgrade to 7.2.6 or above
FortiSIEM 7.1    7.1.0 through 7.1.7     Upgrade to 7.1.8 or above
FortiSIEM 7.0    7.0.0 through 7.0.3     Upgrade to 7.0.4 or above
FortiSIEM 6.7    6.7.0 through 6.7.9     Upgrade to 6.7.10 or above
FortiSIEM 6.6    6.6 all versions        Migrate to a fixed release
FortiSIEM 6.5    6.5 all versions        Migrate to a fixed release
FortiSIEM 6.4    6.4 all versions        Migrate to a fixed release
FortiSIEM 6.3    6.3 all versions        Migrate to a fixed release
FortiSIEM 6.2    6.2 all versions        Migrate to a fixed release
FortiSIEM 6.1    6.1 all versions        Migrate to a fixed release
FortiSIEM 5.4    5.4 all versions        Migrate to a fixed release

IoCs

The exploitation code does not appear to produce distinctive IoCs.

Workaround

Limit access to the phMonitor port (7900).

Timeline

2025-08-12: Initial publication

IR Number        FG-IR-25-152
Published Date   Aug 12, 2025
Component        OTHERS
Severity         Critical
CVSSv3 Score     9.8
Impact           Escalation of privilege
CVE ID           CVE-2025-25256

=========================================================
+ CERT-RENATER        | tel : 01-53-94-20-44          +
+ 23/25 Rue Daviel    | fax : 01-53-94-20-41          +
+ 75013 Paris         | email:cert@support.renater.fr +
=========================================================
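Since the advisory says exploitation leaves no distinctive IoCs, the two practical levers a defender has are the version table and the workaround (restricting who can reach phMonitor on TCP/7900). The following Python is an added example written for this note; it is not Fortinet's or CERT-Renater's code. The affected ranges and fixed versions are copied from the table above; the log line format, the IP addresses and the function names are assumptions constructed for the example. It checks an inventoried FortiSIEM version against the table and scans firewall/flow-style log lines for TCP/7900 connections from hosts that are not known FortiSIEM nodes (supervisor, workers, collectors), i.e. traffic the workaround should have blocked.

```python
"""Defender-side checks for FG-IR-25-152 / CVE-2025-25256 (added example).

is_affected(version)                       -> version-table check
unexpected_phmonitor_clients(lines, allow) -> phMonitor (TCP/7900) exposure check
"""
import re

# First fixed patch level per branch, from the advisory table.
# None means the branch is listed as not affected.
FIXED_IN = {
    (7, 4): None,
    (7, 3): (7, 3, 2),
    (7, 2): (7, 2, 6),
    (7, 1): (7, 1, 8),
    (7, 0): (7, 0, 4),
    (6, 7): (6, 7, 10),
}
# Branches for which the advisory offers no fix: migrate.
MIGRATE_BRANCHES = {(6, 6), (6, 5), (6, 4), (6, 3), (6, 2), (6, 1), (5, 4)}

PHMONITOR_PORT = 7900  # phMonitor port named in the workaround


def parse_version(text):
    """'7.3.1' -> (7, 3, 1); rejects anything that is not three integers."""
    parts = text.strip().split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised FortiSIEM version: {text!r}")
    return tuple(int(p) for p in parts)


def is_affected(version):
    """Return (affected, advice). affected is None for branches the table omits."""
    v = parse_version(version)
    branch = v[:2]
    if branch in MIGRATE_BRANCHES:
        return True, "Migrate to a fixed release"
    fixed = FIXED_IN.get(branch)
    if branch in FIXED_IN and fixed is None:
        return False, "Not affected"
    if fixed is None:
        return None, "Branch not listed in FG-IR-25-152; check the advisory"
    if v >= fixed:
        return False, "Fixed"
    return True, "Upgrade to " + ".".join(map(str, fixed)) + " or above"


# Constructed key=value log format (assumption); adapt the regex to your source.
LOG_RE = re.compile(
    r"^(?P<ts>\S+)\s+src=(?P<src>[\d.]+)\s+dst=(?P<dst>[\d.]+)\s+"
    r"proto=(?P<proto>\w+)\s+dport=(?P<dport>\d+)"
)


def unexpected_phmonitor_clients(log_lines, allowed_sources):
    """List (timestamp, src, dst) for TCP/7900 connections from non-allow-listed hosts.

    allowed_sources should be the FortiSIEM nodes that legitimately talk to
    phMonitor; the same set belongs in the firewall rule implementing the workaround.
    """
    hits = []
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # unrelated or differently formatted lines are skipped
        if m["proto"].lower() != "tcp" or int(m["dport"]) != PHMONITOR_PORT:
            continue
        if m["src"] not in allowed_sources:
            hits.append((m["ts"], m["src"], m["dst"]))
    return hits


# Constructed sample data: 10.0.5.10 is the supervisor, .21/.22 are workers.
FORTISIEM_NODES = {"10.0.5.10", "10.0.5.21", "10.0.5.22"}
SAMPLE_LOG = [
    "2025-08-13T10:02:11Z src=10.0.5.21 dst=10.0.5.10 proto=tcp dport=7900 action=allow",
    "2025-08-13T10:02:13Z src=203.0.113.7 dst=10.0.5.10 proto=tcp dport=7900 action=allow",
    "2025-08-13T10:02:14Z src=203.0.113.7 dst=10.0.5.10 proto=tcp dport=443 action=allow",
    "2025-08-13T10:02:15Z src=10.0.5.22 dst=10.0.5.10 proto=tcp dport=7900 action=allow",
    "2025-08-13T10:02:16Z src=198.51.100.4 dst=10.0.5.10 proto=udp dport=7900 action=allow",
]

if __name__ == "__main__":
    for ver in ("7.3.1", "7.3.2", "6.7.9", "6.6.3", "7.4.0"):
        print(ver, is_affected(ver))
    for hit in unexpected_phmonitor_clients(SAMPLE_LOG, FORTISIEM_NODES):
        print("phMonitor reached from outside allow-list:", hit)
```

Run against a real export, the only line flagged in the sample is the 203.0.113.7 connection to TCP/7900; the UDP line and the 443 line are ignored. A non-empty result means the port is still reachable from outside the FortiSIEM node set and the workaround is not in effect, regardless of whether the version check says the host is patched.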