Fortinet Fixes Critical FortiSIEM Flaw Allowing Unauthenticated Remote Code Execution
The Hacker News • • technology
Key Points:
- Fortinet has released critical security updates to address a high-severity OS command injection vulnerability (CVE-2025-64155) in FortiSIEM, rated 9.4/10 on the CVSS scale, which allows unauthenticated attackers to execute arbitrary code on affected Super and Worker nodes.
- The flaw involves the phMonitor service handling TCP requests on port 7900, enabling attackers to inject arguments that lead to arbitrary file writes and privilege escalation from admin to root by exploiting a cron job executing a writable reverse shell script.
- Security researcher Zach Hanley discovered the vulnerability, highlighting that several command handlers in phMonitor do not require authentication, making exploitation easier once network access to port 7900 is obtained.
- Fort
