Fortinet patches critical FortiSIEM flaw enabling unauthenticated remote code execution
Fortinet released patches for FortiSIEM to fix CVE-2025-64155, an unauthenticated OS command injection that could let an attacker execute code via crafted requests to the phMonitor service on port 7900, potentially enabling a reverse shell and root-level control. The flaw affects multiple FortiSIEM versions; users should upgrade to fixed releases or restrict access to port 7900 as a workaround. The advisory also patches a separate FortiFone vulnerability (CVE-2025-47855).