Fortinet FortiSIEM & FortiOS Critical Vulnerabilities

14 Dec 2026

Overview
  • CVE: CVE-2025-64155, CVE-2025-25249

  • Severity: Critical

  • Date: 14 Jan 2026

Summary

Fortinet has released urgent security updates for FortiSIEM and FortiOS to address critical vulnerabilities. CVE-2025-64155 allows unauthenticated remote code execution as root, while CVE-2025-25249 permits arbitrary code execution via the cw_acd daemon.

Affected Versions
  • FortiSIEM (CVE-2025-64155): 7.4.0, 7.3.0 through 7.3.4, 7.1.0 through 7.1.8, 7.0.0 through 7.0.4, 6.7.0 through 6.7.10.

  • FortiOS (CVE-2025-25249): 7.6.0 through 7.6.3, 7.4.0 through 7.4.8, 7.2.0 through 7.2.11, 7.0.0 through 7.0.17, 6.4.0 through 6.4.16.

  • FortiSwitchManager (CVE-2025-25249): 7.2.0 through 7.2.6, 7.0.0 through 7.0.5.

Vulnerability Breakdown
CVE-2025-64155 – Unauthenticated Remote Command Injection
  • Severity: Critical

  • CVSS: 9.4

  • Description: An improper neutralization of special elements used in an OS command in FortiSIEM allows an attacker to execute unauthorized code or commands via crafted TCP requests.

  • Impact: Remote Code Execution (RCE) as root.

  • Conditions: Unauthenticated access to the target system.

  • Notes: Successful exploitation gives the attacker root on the FortiSIEM host, with no credentials required.

CVE-2025-25249 – Heap-based Buffer Overflow
  • Severity: High

  • CVSS: 7.4

  • Description: A heap-based buffer overflow in the cw_acd daemon of FortiOS and FortiSwitchManager may allow a remote unauthenticated attacker to execute arbitrary code or commands via specifically crafted requests.

  • Impact: Execute arbitrary code or commands.

  • Conditions: Remote unauthenticated attacker via specifically crafted requests.

  • Notes: Affects the cw_acd daemon.

Mitigation

Upgrade to the latest versions provided by Fortinet:

  • FortiSIEM: Upgrade to fixed release.

  • FortiOS: Upgrade to 7.6.4, 7.4.9, 7.2.12, 7.0.18, 6.4.17 or above.

  • FortiSwitchManager: Upgrade to 7.2.7, 7.0.6 or above.

Workaround (CVE-2025-25249):

  • Remove “fabric” access for interfaces or block CAPWAP-CONTROL access to port 5246-5249.
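The fastest way to act on the version lists above is to run an asset inventory against them. The following Python script is an added example, not Fortinet tooling and not part of this advisory: the affected ranges and fixed builds are copied from the advisory text, the inventory rows are constructed sample data, and the hostnames and product labels are assumptions. It compares versions numerically (so 7.2.11 sorts above 7.2.9, which a plain string comparison gets wrong) and reports the fixed release on the same train for each affected device.

```python
"""Triage helper: compare an inventory of Fortinet device versions against the
affected ranges and fixed releases listed in this advisory.

Added example, not Fortinet's tooling. Affected ranges and fixed versions are
copied from the advisory; the inventory below is constructed sample data.
"""
from typing import Optional

# Affected ranges per (product, CVE) as inclusive (lowest, highest) pairs,
# taken from the advisory's "Affected Versions" list.
AFFECTED = {
    ("FortiSIEM", "CVE-2025-64155"): [
        ("7.4.0", "7.4.0"), ("7.3.0", "7.3.4"), ("7.1.0", "7.1.8"),
        ("7.0.0", "7.0.4"), ("6.7.0", "6.7.10"),
    ],
    ("FortiOS", "CVE-2025-25249"): [
        ("7.6.0", "7.6.3"), ("7.4.0", "7.4.8"), ("7.2.0", "7.2.11"),
        ("7.0.0", "7.0.17"), ("6.4.0", "6.4.16"),
    ],
    ("FortiSwitchManager", "CVE-2025-25249"): [
        ("7.2.0", "7.2.6"), ("7.0.0", "7.0.5"),
    ],
}

# Fixed releases per product from the "Mitigation" section. The advisory does
# not name a fixed FortiSIEM build, so no target is recorded for it.
FIXED = {
    "FortiOS": ["7.6.4", "7.4.9", "7.2.12", "7.0.18", "6.4.17"],
    "FortiSwitchManager": ["7.2.7", "7.0.6"],
    "FortiSIEM": [],
}


def parse_version(text: str) -> tuple:
    """Turn '7.4.8' into (7, 4, 8) so versions compare numerically."""
    return tuple(int(part) for part in text.strip().split("."))


def affected_cves(product: str, version: str) -> list:
    """Return the CVEs from this advisory that cover `version` of `product`."""
    v = parse_version(version)
    hits = []
    for (prod, cve), ranges in AFFECTED.items():
        if prod != product:
            continue
        for low, high in ranges:
            if parse_version(low) <= v <= parse_version(high):
                hits.append(cve)
                break
    return hits


def fixed_target(product: str, version: str) -> Optional[str]:
    """Return the fixed release on the same major.minor train as `version`,
    or None when the advisory names no fixed build for that product/train."""
    train = parse_version(version)[:2]
    for fixed in FIXED.get(product, []):
        if parse_version(fixed)[:2] == train:
            return fixed
    return None


def triage(inventory: list) -> list:
    """Inventory rows are (hostname, product, version) tuples."""
    report = []
    for host, product, version in inventory:
        cves = affected_cves(product, version)
        report.append({
            "host": host, "product": product, "version": version,
            "cves": cves,
            "upgrade_to": fixed_target(product, version) if cves else None,
        })
    return report


# Constructed sample inventory; hostnames are hypothetical.
SAMPLE_INVENTORY = [
    ("fw-edge-01", "FortiOS", "7.4.8"),
    ("fw-edge-02", "FortiOS", "7.4.9"),
    ("fw-branch-03", "FortiOS", "7.2.11"),
    ("siem-01", "FortiSIEM", "7.3.4"),
    ("fsm-01", "FortiSwitchManager", "7.0.6"),
]

if __name__ == "__main__":
    for row in triage(SAMPLE_INVENTORY):
        status = ", ".join(row["cves"]) if row["cves"] else "not affected"
        target = f" -> upgrade to {row['upgrade_to']}" if row["upgrade_to"] else ""
        print(f"{row['host']:<14}{row['product']:<20}{row['version']:<8}{status}{target}")
```

Feed it the real inventory export from your CMDB or Fortinet management console in place of SAMPLE_INVENTORY. Devices that hit a range but get no upgrade target (FortiSIEM here) still need a fixed release confirmed from Fortinet's PSIRT page before they are closed out.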

Summary for IT Teams
  • Products: Fortinet FortiSIEM, FortiOS, FortiSwitchManager

  • Threat Level: Critical, CVSS 9.4

  • Action Required: Patch immediately.

Reference
Need Help?

If your organisation requires assistance identifying affected systems, enforcing browser updates or reviewing browser security policies, please contact our SOC team via soc@secure-iss.com.

Australia is secure when
Australian talent defends it.

Reach out today to discuss how with Lumara, we can work together to protect your business from the always changing Australian threat landscape.