Critical FortiSIEM Vulnerability Lets Attackers Run Arbitrary Commands via TCP Packets

Marcus Rodriguez
January 14, 2026

A critical OS command injection vulnerability, disclosed by Fortinet on January 13, 2026, impacts its FortiSIEM product. This high-risk flaw permits unauthenticated attackers to execute arbitrary code.

Tracked as CVE-2025-64155, the issue stems from improper neutralization of special elements in OS commands (CWE-78) within the phMonitor component on port 7900. Attackers can craft malicious TCP requests to Super and Worker nodes, potentially resulting in full-system compromise.

With a CVSS v3.1 base score of 9.4 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), the vulnerability is rated Critical due to its network accessibility, low complexity, and lack of required privileges.

No user interaction is required, and exploitation could result in remote code execution, data theft, or persistence in environments that rely on FortiSIEM for security information and event management.

Affected Versions and Fixes

This flaw affects multiple FortiSIEM branches but leaves Collector nodes unaffected. Fortinet urges immediate upgrades or migrations, with a workaround of restricting access to TCP port 7900 via firewalls.

| Version | Affected Releases | Solution |
|---|---|---|
| FortiSIEM Cloud | Not affected | Not Applicable |
| FortiSIEM 7.5 | Not affected | Not Applicable |
| FortiSIEM 7.4 | 7.4.0 | Upgrade to 7.4.1 or above |
| FortiSIEM 7.3 | 7.3.0 through 7.3.4 | Upgrade to 7.3.5 or above |
| FortiSIEM 7.2 | 7.2.0 through 7.2.6 | Upgrade to 7.2.7 or above |
| FortiSIEM 7.1 | 7.1.0 through 7.1.8 | Upgrade to 7.1.9 or above |
| FortiSIEM 7.0 | 7.0.0 through 7.0.4 | Migrate to a fixed release |
| FortiSIEM 6.7 | 6.7.0 through 6.7.10 | Migrate to a fixed release |

Organizations running vulnerable versions in production face elevated risks, especially in hybrid or on-premises SIEM deployments.

Security researcher Zach Hanley (@hacks_zach) of Horizon3.ai responsibly reported the bug under Fortinet’s program. The advisory (FG-IR-25-772) appeared on Fortinet’s PSIRT page, with NVD details pending full analysis. No evidence of active exploitation has surfaced yet, but the unauthenticated nature demands urgency.

Fortinet recommends auditing logs for anomalous TCP/7900 traffic and applying patches promptly. This incident underscores the need for least-privilege network segmentation in SIEM architectures.
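
One way to carry out the TCP/7900 log audit recommended above, as an added example that is not code from Fortinet or from this article. It assumes firewall logs in the Linux netfilter LOG-target format; the allowlist, host names, and addresses are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

PHMONITOR_PORT = "7900"  # phMonitor port named in the advisory

# Assumption: the only sources expected to reach phMonitor in this deployment.
ALLOWED_SOURCES = [ipaddress.ip_network("10.0.1.0/28")]

# Constructed sample lines (netfilter LOG-target style), not real traffic.
SAMPLE_LOG = """\
Jan 14 10:02:11 fsm-super kernel: IN=eth0 OUT= SRC=10.0.1.5 DST=10.0.1.10 PROTO=TCP SPT=40112 DPT=7900 SYN
Jan 14 10:02:15 fsm-super kernel: IN=eth0 OUT= SRC=192.0.2.44 DST=10.0.1.10 PROTO=TCP SPT=51514 DPT=7900 SYN
Jan 14 10:02:16 fsm-super kernel: IN=eth0 OUT= SRC=192.0.2.44 DST=10.0.1.10 PROTO=TCP SPT=51515 DPT=7900 SYN
Jan 14 10:03:01 fsm-super kernel: IN=eth0 OUT= SRC=192.0.2.44 DST=10.0.1.10 PROTO=TCP SPT=51600 DPT=443 SYN
Jan 14 10:03:09 fsm-worker kernel: IN=eth0 OUT= SRC=10.0.9.77 DST=10.0.1.11 PROTO=UDP SPT=5353 DPT=7900
Jan 14 10:04:40 fsm-worker kernel: IN=eth0 OUT= SRC=10.0.9.77 DST=10.0.1.11 PROTO=TCP SPT=33010 DPT=7900 SYN
malformed line without fields
"""

FIELD_RE = re.compile(r"\b([A-Z]+)=(\S*)")
REQUIRED = {"SRC", "DST", "PROTO", "DPT"}


def parse_line(line):
    """Return the KEY=value fields of one log line, or None if incomplete."""
    fields = dict(FIELD_RE.findall(line))
    return fields if REQUIRED <= fields.keys() else None


def is_allowed(src):
    """True only if src parses as an IP inside an allowlisted network."""
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return False  # unparsable source is surfaced, not silently dropped
    return any(addr in net for net in ALLOWED_SOURCES)


def audit(log_text):
    """Count TCP/7900 connections per (source, destination) from non-allowlisted hosts."""
    hits = Counter()
    for line in log_text.splitlines():
        f = parse_line(line)
        if f is None or f["PROTO"] != "TCP" or f["DPT"] != PHMONITOR_PORT:
            continue
        if not is_allowed(f["SRC"]):
            hits[(f["SRC"], f["DST"])] += 1
    return dict(hits)


if __name__ == "__main__":
    for (src, dst), n in sorted(audit(SAMPLE_LOG).items()):
        print(f"unexpected TCP/7900: {src} -> {dst} ({n} connection(s))")
```

Any pair this reports is a source that the firewall workaround on port 7900 should be blocking.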
