A critical vulnerability identified as CVE-2025-25257 in Fortinet’s FortiWeb can lead to remote code execution, posing significant security risks. Users are urged to apply patches immediately to mitigate potential exploitation of this flaw.

Fortinet has issued a warning regarding a critical remote unauthenticated command injection vulnerability (CVE-2025-25256) in FortiSIEM, which has exploit code available in the wild. Organizations are urged to update to newer versions of FortiSIEM to mitigate the risk, as older versions are no longer supported and vulnerable. A temporary workaround is suggested to limit exposure until upgrades can be applied.

Researchers have developed a proof of concept (PoC) for a critical vulnerability in Fortinet's products, identified as CVE-2025-32756. The vulnerability allows for remote code execution, prompting the need for a quick patch to mitigate potential exploits. Users are advised to update their systems promptly to avoid security risks.