The article details a series of vulnerabilities found in the FortiSIEM appliance, culminating in CVE-2025-64155. It describes how these issues enable remote code execution and privilege escalation, showcasing the exploitation process that leads to full system compromise. The timeline of reporting and patching efforts by Fortinet is also outlined.

Fortinet has issued a warning regarding a critical remote unauthenticated command injection vulnerability (CVE-2025-25256) in FortiSIEM, which has exploit code available in the wild. Organizations are urged to update to newer versions of FortiSIEM to mitigate the risk, as older versions are no longer supported and vulnerable. A temporary workaround is suggested to limit exposure until upgrades can be applied.