FortiSIEM – TheCyberThrone

CVE-2025-64155 – Critical RCE in Fortinet FortiSIEM

Fortinet patched a severe unauthenticated remote command injection flaw in FortiSIEM on January 13, 2026, tracked as CVE-2025-64155 with CVSS 9.4.Discovered by Horizon3.ai in August 2025, it chains argument injection…

PravinKarthik January 14, 2026

CVE-2025-25256 affects FortiSIEM

1. Vulnerability Overview CVE-2025-25256 is a critical command injection bug in Fortinet FortiSIEM’s phMonitor service, exposed on TCP port 7900. It enables unauthenticated remote attackers to execute OS-level commands by…

PravinKarthik August 14, 2025

Fortinet fixes critical vulnerabilities in FortiSIEM

Fortinet has warned that two critical-severity vulnerabilities in FortiSIEM could lead to remote code execution. The issues, tracked as CVE-2024-23108 and CVE-2024-23109 both has a CVSS score of 10, as…

PravinKarthik February 7, 2024

FortiSIEM Critical RCE Vulnerability – CVE-2023-36553

Researchers has discovered a critical vulnerability in FortiSIEM that could allow remote attackers to execute arbitrary commands on affected systems. The vulnerability tracked as CVE-2023-36553 and assigned a CVSS score…

PravinKarthik November 16, 2023