Source: Ministry of Education Information & Communication Security Contingency Platform
Publication Number | TACERT-ANA-2025081409084747 | Publication Time | 2025/08/14 09:47 |
Incident Type | ANA-Vulnerability Alert | Discovery Time | 2025/08/14 09:47 |
Impact Level | Low | ||
[Subject] 【Vulnerability Alert】 A critical security vulnerability exists in Fortinet’s FortiSIEM (CVE-2025-25256) |
|||
[Content]
Forwarded from TWCERTCC-200-202508-00000007

FortiSIEM is Fortinet’s next-generation Security Information and Event Management (SIEM) platform, leveraging AI and automation technologies to enhance threat detection and security operations efficiency while reducing management complexity. Recently, Fortinet released a critical security vulnerability announcement (CVE-2025-25256, CVSS: 9.8). This is an operating system command injection vulnerability that may allow an unauthenticated attacker to execute unauthorized code or commands through specially crafted Command Line Interface (CLI) requests.

Information Sharing Level: WHITE (Information content can be publicly disclosed)
|||
[Affected Platform]
● FortiSIEM versions 7.3.0 to 7.3.1
● FortiSIEM versions 7.2.0 to 7.2.5
● FortiSIEM versions 7.1.0 to 7.1.7
● FortiSIEM versions 7.0.0 to 7.0.3
● FortiSIEM versions 6.7.0 to 6.7.9
|||
[Recommended Actions]
Please update to the following versions:
● FortiSIEM version 7.3.2
● FortiSIEM version 7.2.6
● FortiSIEM version 7.1.8
● FortiSIEM version 7.0.4
● FortiSIEM version 6.7.10
● FortiSIEM version 6.6 and below should migrate to fixed versions
|||
[Reference] https://www.twcert.org.tw/tw/cp-169-10322-f7c42-1.html |
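
A version triage check built from the affected and fixed versions listed in this alert, as an added example that is not part of the advisory or of Fortinet's tooling. The host names, sample version strings (including the trailing build suffix) and status labels are constructed assumptions.

```python
import re

# Ranges and fixed releases exactly as listed in this alert (CVE-2025-25256).
# (major, minor) -> (highest affected patch level, first fixed release)
ADVISORY = {
    (7, 3): (1, "7.3.2"),
    (7, 2): (5, "7.2.6"),
    (7, 1): (7, "7.1.8"),
    (7, 0): (3, "7.0.4"),
    (6, 7): (9, "6.7.10"),
}
_VERSION_RE = re.compile(r"^\s*v?(\d+)\.(\d+)\.(\d+)")

def triage(version):
    """Return (status, update_target) for one reported FortiSIEM version string."""
    m = _VERSION_RE.match(version)
    if not m:
        return ("unparseable", None)
    # Compare as integers: as plain strings, "6.7.10" sorts before "6.7.9".
    major, minor, patch = (int(g) for g in m.groups())
    if (major, minor) in ADVISORY:
        highest_affected, fixed = ADVISORY[(major, minor)]
        if patch <= highest_affected:
            return ("affected", fixed)
        return ("fixed", None)
    if (major, minor) <= (6, 6):
        # The alert says 6.6 and below should migrate to a fixed version.
        return ("migrate", None)
    return ("not-listed", None)  # branch is not covered by this alert

def triage_inventory(inventory):
    """Map each host in {host: version_string} to its triage result."""
    return {host: triage(ver) for host, ver in inventory.items()}

# Constructed sample inventory (hypothetical hosts and version strings).
SAMPLE = {
    "siem-a": "7.1.5 build 0123",
    "siem-b": "6.7.10",
    "siem-c": "6.4.2",
    "siem-d": "unknown",
}

if __name__ == "__main__":
    for host, (status, target) in triage_inventory(SAMPLE).items():
        print(f"{host}: {status}" + (f" -> update to {target}" if target else ""))
```
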