Fortinet Warns About FortiSIEM Vulnerability (CVE-2025-25256) With In-the-Wild Exploit Code

August 13, 2025
No Comments

Fortinet Warns About FortiSIEM Vulnerability (CVE-2025-25256) With In-the-Wild Exploit Code

Fortinet is alerting customers of a critical security flaw in FortiSIEM for which it said there exists an exploit in the wild.
The vulnerability, tracked as CVE-2025-25256, carries a CVSS score of 9.8 out of a maximum of 10.0.
“An improper neutralization of special elements used in an OS command (‘OS Command Injection’) vulnerability [CWE-78] in FortiSIEM may allow an unauthenticated attacker to

Leave a Reply Cancel reply

The Real Purpose of the UK’s Online Safety Act: An Expert Explains August 13, 2025
The introduction of the UK’s Online Safety Act has sparked a lot of conversation and confusion. Both users and businesses are still trying to make sense of what it really means and how to navigate it. Professor George Loukas, Professor of Cyber Security (Human-centric and Cyber-physical Security) at the University of Greenwich, is here to […]
Dilki Rathnayake
Empowering Citizen Developers Without Compromising Security August 13, 2025
Thanks to no-code tools, citizen application development platforms (CADPs) are ushering in a new era where business units are no longer waiting in IT backlogs for application support—they’re building their own. Employees without coding skills are creating business applications, workflow automations, and integrations with a few clicks. According to Gartner, citizen developers will contribute up […]
Yair Finzi
Persistent Risk: XZ Utils Backdoor Still Lurking in Docker Images August 13, 2025
In March last year, an insidious software supply chain compromise was revealed. The discovery of a backdoor in XZ Utils shook the cybersecurity world, thanks to its technical sophistication and for the bad actor’s methodical patience. A developer known as “Jia Tan” had spent two years earning trust in the XZ Utils project. The code […]
Kirsten Doyle
Erlang/OTP SSH Flaw Actively Exploited in OT Networks August 13, 2025
A critical flaw in Erlang’s Open Telecom Platform is under active attack. CVE-2025-32433 carries a CVSS score of 10.0 and allows remote code execution without authentication. According to Palo Alto’s Unit 42 reseachers, it affects the platform’s native SSH daemon, used to manage hosts in telecom, 5G, and industrial systems. Bad actors can send specific […]
Kirsten Doyle
Breach at Dutch Lab Exposes Data of 485,000 in Cervical Cancer Screening August 12, 2025
A breach at a Dutch laboratory has exposed the personal and medical data of more than 485,000 women in the national cervical cancer screening programme. The attack hit Clinical Diagnostics NMDL, a Eurofins subsidiary in Rijswijk. The lab tests self-sample kits and smear test samples for Bevolkingsonderzoek Nederland (Population Research Netherlands). Bad actors accessed names, […]
Kirsten Doyle
Researchers Expose GPT-5 Jailbreak That Bypasses Safety Controls August 12, 2025
Cybersecurity researchers at two companies have uncovered a jailbreak technique that bypasses ethical guardrails set up by OpenAI in its latest large language model (LLM), GPT-5, and produces illicit instructions. AI security startup SPLX, used more than 1,000 adversarial prompts in different configurations and found that the raw, unguarded GPT-5 without a system prompt will […]
Kirsten Doyle
Invitation Is All You Need: How Researchers Used a Calendar Event to Hijack Gemini Agents August 11, 2025
A Google Calendar invite. That’s all it took. Researchers from SafeBreach Labs have shown that an LLM-powered assistant like Google’s Gemini can be tricked into running malicious commands, accessing sensitive data, and even manipulating physical devices in a victim’s home, without a single click. Their work introduces a new variant of Promptware, called Targeted Promptware […]
Kirsten Doyle
Red Canary Flags Rapid Rise in Cloud-Based Attacks August 11, 2025
Red Canary has published its mid-year update to the 2025 Threat Detection Report, and the message is that threat actors are shifting tactics, and identity is the new battleground. Based on detections gathered in the first half of the year, the update shows a marked rise in cloud and identity threats, along with troubling signs […]
Kirsten Doyle
Over a Million Medical Devices Exposed Online, Revealing Private Patient Scans August 7, 2025
The healthcare industry’s digital expansion may be exposing more than it protects. How would you feel if strangers online saw your MRI scan and knew your diagnosis, maybe even before you did? That’s not a hypothetical, it’s already happening. New research from Modat shows that more than 1.2 million internet-connected healthcare devices and systems are […]
Kirsten Doyle
What Happens When Devices Cross Borders? The Role of Geofencing in Global IT August 7, 2025
Regional conflicts have triggered a significant corporate exodus, with many organizations shifting bases. This resulted in employees and their devices constantly being on the move. However, this isn’t an entirely new phenomenon. Nearly half a decade ago, the post-pandemic era had already ushered in a generation of borderless businesses and digital nomads. Globalization, economic incentives, […]
Apu Pavithran

Fortinet Warns About FortiSIEM Vulnerability (CVE-2025-25256) With In-the-Wild Exploit Code

Webinar: What the Next Wave of AI Cyberattacks Will Look Like — And How to Survive

AI SOC 101: Key Capabilities Security Leaders Need to Know

Leave a Reply Cancel reply

[email protected]

Fortinet Warns About FortiSIEM Vulnerability (CVE-2025-25256) With In-the-Wild Exploit Code

Fortinet Warns About FortiSIEM Vulnerability (CVE-2025-25256) With In-the-Wild Exploit Code

Share :

Leave a Reply Cancel reply