The article details a series of vulnerabilities found in the FortiSIEM appliance, culminating in CVE-2025-64155. It describes how these issues enable remote code execution and privilege escalation, showcasing the exploitation process that leads to full system compromise. The timeline of reporting and patching efforts by Fortinet is also outlined.

This article details a serious security vulnerability in Fortinet's FortiWeb that allows attackers to impersonate users, including administrators, through a path traversal and authentication bypass exploit. The vulnerability, identified as CVE-2025-64446, enables unauthorized access to administrative functions, potentially compromising the affected systems.