- November 19, 2025
- Posted by: Chernor Jalloh
Fortinet has disclosed a critical OS Command Injection flaw in FortiSIEM (CVSS 9.8) that is actively exploited in the wild.
Impact:
Allows unauthenticated attackers to execute system commands and take control of affected systems.
Affected Versions:
FortiSIEM 6.1 – 7.3.1 (Fixed in 6.7.10+, 7.0.4+, 7.1.8+, 7.2.6+, 7.3.2+)
Mitigation:
• Update immediately to the latest patched version.
• Restrict access to the phMonitor port (7900).
• Limit internet exposure & monitor for suspicious activity.
Organizations are strongly urged to patch now to prevent compromise.
Full advisory available on our website: https://nccc.gov.sl/Alerts_Advisories/
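
To help prioritise patching, the following added example (not part of the original advisory and not Fortinet or NCCC tooling) triages an inventory of FortiSIEM versions against the affected range and per-branch fixed releases quoted above. The hostnames and versions in INVENTORY are constructed sample data; versions outside the quoted range are reported as "not-listed" rather than assumed safe.

```python
# Added example: triage FortiSIEM versions against the ranges quoted in this advisory.
# Versions are compared as integer tuples so that 6.7.10 sorts after 6.7.9.

AFFECTED_MIN = (6, 1, 0)   # advisory: "FortiSIEM 6.1 – 7.3.1"
AFFECTED_MAX = (7, 3, 1)
# First fixed patch level per branch, as listed in the advisory.
FIXED_IN = {(6, 7): 10, (7, 0): 4, (7, 1): 8, (7, 2): 6, (7, 3): 2}

# Constructed sample inventory (hypothetical hostnames).
INVENTORY = [
    ("siem-hq", "7.1.8"),
    ("siem-dr", "6.7.9"),
    ("siem-lab", "6.4.2"),
    ("siem-new", "7.3.1"),
]


def parse_version(text):
    """Turn '7.1.8' or '6.7' into a 3-tuple of ints, padding with zeros."""
    parts = [int(p) for p in text.strip().split(".")[:3]]
    return tuple(parts + [0] * (3 - len(parts)))


def triage(version_text):
    """Return (status, action) for one FortiSIEM version string."""
    ver = parse_version(version_text)
    branch = ver[:2]
    fixed_patch = FIXED_IN.get(branch)
    if fixed_patch is not None and ver[2] >= fixed_patch:
        return "fixed", "no action for this advisory"
    if not (AFFECTED_MIN <= ver <= AFFECTED_MAX):
        return "not-listed", "outside the range quoted in the advisory"
    if fixed_patch is None:
        # Inside the affected range, but the advisory lists no fix for this branch.
        return "affected", "move to a branch with a listed fix"
    return "affected", "upgrade to %d.%d.%d or later" % (branch + (fixed_patch,))


def triage_inventory(inventory):
    """Return only the hosts that still need patching, with the suggested action."""
    results = [(host, ver) + triage(ver) for host, ver in inventory]
    return [r for r in results if r[2] == "affected"]


if __name__ == "__main__":
    for host, ver, status, action in triage_inventory(INVENTORY):
        print(f"{host:10} {ver:8} {status:9} {action}")
```
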