The article details a series of vulnerabilities found in the FortiSIEM appliance, culminating in CVE-2025-64155. It describes how these issues enable remote code execution and privilege escalation, showcasing the exploitation process that leads to full system compromise. The timeline of reporting and patching efforts by Fortinet is also outlined.

Fortinet confirmed that a December patch failed to fully secure its FortiCloud single sign-on system, allowing attackers to access devices with the supposed fix. New attack methods have been identified, prompting Fortinet to investigate further and advise customers to monitor for unusual login activity.

Fortinet identified a serious vulnerability in FortiClientEMS (CVE-2026-21643) that allows unauthorized code execution through its web interface. While there are no known active exploits yet, applying the available fixes is crucial to prevent potential attacks. Versions 7.2 and 8.0 are not affected.

A zero-day vulnerability affecting Fortinet devices has been identified, allowing attackers to create admin-level user accounts through a specific HTTP POST request. The exploit targets FortiWeb versions below 8.0.2, and multiple source IPs and credential combinations have been linked to the attack. Users should investigate their devices, especially if management interfaces are exposed.

This article details a serious security vulnerability in Fortinet's FortiWeb that allows attackers to impersonate users, including administrators, through a path traversal and authentication bypass exploit. The vulnerability, identified as CVE-2025-64446, enables unauthorized access to administrative functions, potentially compromising the affected systems.

Fortinet disclosed a new zero-day vulnerability, CVE-2026-24858, which allows attackers to exploit the FortiCloud single sign-on feature for unauthorized logins. This critical flaw has a CVSS score of 9.8 and affects multiple Fortinet products, prompting the company to temporarily disable SSO authentication to mitigate ongoing attacks.

A critical vulnerability identified as CVE-2025-25257 in Fortinet’s FortiWeb can lead to remote code execution, posing significant security risks. Users are urged to apply patches immediately to mitigate potential exploitation of this flaw.

Fortinet has issued a warning regarding a critical remote unauthenticated command injection vulnerability (CVE-2025-25256) in FortiSIEM, which has exploit code available in the wild. Organizations are urged to update to newer versions of FortiSIEM to mitigate the risk, as older versions are no longer supported and vulnerable. A temporary workaround is suggested to limit exposure until upgrades can be applied.

Researchers have developed a proof of concept (PoC) for a critical vulnerability in Fortinet's products, identified as CVE-2025-32756. The vulnerability allows for remote code execution, prompting the need for a quick patch to mitigate potential exploits. Users are advised to update their systems promptly to avoid security risks.