Exploit Code Public for Critical FortiSIEM Command Injection Flaw

www.bleepingcomputer.com/news/secu…

Technical details and public exploit code have been released for a critical vulnerability affecting Fortinet’s FortiSIEM platform, enabling a remote, unauthenticated attacker to execute arbitrary commands or code. The vulnerability, tracked as CVE-2025-25256, combines two flaws that allow arbitrary file writes with administrative privileges and subsequent privilege escalation to root access.

Researchers at penetration testing firm Horizon3.ai disclosed the issue in mid-August 2025. Fortinet addressed the vulnerability in early November across four of the five active development branches and announced this week that all affected versions have now been fully patched.

Fortinet described CVE-2025-25256 as an improper neutralization of special elements in an operating system command, which could allow an unauthenticated attacker to execute unauthorized commands or code through crafted TCP requests. According to Horizon3.ai, the root cause is the exposure of dozens of command handlers within the phMonitor service that can be invoked remotely without authentication, significantly increasing the risk of exploitation.

Edward Kiledjian @ekiledjian