**Fortinet Patches Critical Flaws in FortiFone and FortiSIEM**
Fortinet has released patches for six vulnerabilities, including two critical bugs in FortiFone and FortiSIEM that attackers could exploit without authentication.
The first vulnerability, tracked as CVE-2025-64155 (CVSS score of 9.4), is an improper neutralization of special elements used in an OS command that could lead to OS Command Injection. This flaw impacts FortiSIEM, allowing an unauthenticated attacker to execute unauthorized code or commands via crafted TCP requests.
According to the advisory from Fortinet, "An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in FortiSIEM may allow an unauthenticated attacker to execute unauthorized code or commands via crafted TCP requests."
This vulnerability affects specific versions of FortiSIEM and only impacts the Super and Worker nodes, not Collector nodes. As a workaround, Fortinet recommends limiting access to the phMonitor port (7900).
The second critical flaw addressed by Fortinet, tracked as CVE-2025-47855 (CVSS score of 9.3), is an exposure of sensitive information to an unauthorized actor in the FortiFone Web Portal page.
According to the advisory from Fortinet, "An exposure of sensitive information to an unauthorized actor [CWE-200] vulnerability in FortiFone Web Portal page may allow an unauthenticated attacker to obtain the device configuration via crafted HTTP or HTTPS requests."
This flaw affects FortiFone versions 3.0.24 and 7.0.2, and was reported by Théo Leleu from the Fortinet Product Security team.
It is unclear whether any of the flaws addressed by Fortinet have been actively exploited in attacks in the wild.
**Researchers Behind the Discovery**
- Zach Hanley (@hacks_zach) of Horizon3.ai reported the OS Command Injection vulnerability (CVE-2025-64155)
- Théo Leleu from the Fortinet Product Security team reported the exposure of sensitive information to an unauthorized actor issue (CVE-2025-47855)
**Recommendations and Workarounds**
- Limit access to the phMonitor port (7900) in FortiSIEM as a workaround for CVE-2025-64155
- Patch FortiFone versions 3.0.24 and 7.0.2 with the latest updates
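The phMonitor workaround above only helps if the port is actually reachable from nothing but the other FortiSIEM nodes, so a defender will want to both express the allowlist and check connection logs for sources outside it. The following is an added example, not code from Fortinet or from the article: it assumes a constructed connection-log format (`src=`, `dst=`, `dport=`, `proto=` fields), constructed node addresses for the Supervisor/Worker and Collector ranges, and illustrative iptables rules for the allowlist; substitute your own log source and node inventory.

```python
import ipaddress
import re
from dataclasses import dataclass

# phMonitor port named in the Fortinet workaround for CVE-2025-64155.
PHMONITOR_PORT = 7900

# Assumption for this example: only FortiSIEM Supervisor, Worker and
# Collector nodes should ever open a TCP connection to phMonitor.
# These address ranges are constructed, not real deployments.
TRUSTED_NODES = [
    ipaddress.ip_network("10.10.0.0/24"),   # supervisor and worker subnet (constructed)
    ipaddress.ip_network("10.20.5.10/32"),  # a remote collector (constructed)
]

# Constructed log line format:
#   "<timestamp> src=<ip> dst=<ip> dport=<port> proto=<tcp|udp>"
LOG_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>[\d.]+) dst=(?P<dst>[\d.]+) "
    r"dport=(?P<dport>\d+) proto=(?P<proto>\w+)$"
)


@dataclass(frozen=True)
class Finding:
    ts: str
    src: str
    dst: str


def is_trusted(src: str) -> bool:
    """True when the source address lies inside one of the allowed node ranges."""
    addr = ipaddress.ip_address(src)
    return any(addr in net for net in TRUSTED_NODES)


def parse_line(line: str):
    """Parse one log line into a dict of fields, or None if it does not match."""
    m = LOG_RE.match(line.strip())
    return m.groupdict() if m else None


def find_untrusted_phmonitor_access(lines):
    """Return a Finding for every TCP connection to phMonitor from an untrusted source."""
    findings = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue  # unparseable line; ignore rather than crash
        if rec["proto"] != "tcp" or int(rec["dport"]) != PHMONITOR_PORT:
            continue  # not phMonitor traffic
        if is_trusted(rec["src"]):
            continue  # expected node-to-node traffic
        findings.append(Finding(rec["ts"], rec["src"], rec["dst"]))
    return findings


def render_allowlist_rules():
    """Illustrative iptables rules that admit only trusted nodes to phMonitor."""
    rules = [
        f"iptables -A INPUT -p tcp --dport {PHMONITOR_PORT} -s {net} -j ACCEPT"
        for net in TRUSTED_NODES
    ]
    rules.append(f"iptables -A INPUT -p tcp --dport {PHMONITOR_PORT} -j DROP")
    return rules


# Constructed sample log: two legitimate node connections, one from an
# address outside the allowlist, one to a different port, one UDP, one junk line.
SAMPLE_LOG = [
    "2025-11-12T10:00:01Z src=10.10.0.12 dst=10.10.0.5 dport=7900 proto=tcp",
    "2025-11-12T10:00:07Z src=10.20.5.10 dst=10.10.0.5 dport=7900 proto=tcp",
    "2025-11-12T10:01:15Z src=203.0.113.44 dst=10.10.0.5 dport=7900 proto=tcp",
    "2025-11-12T10:01:20Z src=203.0.113.44 dst=10.10.0.5 dport=443 proto=tcp",
    "2025-11-12T10:02:00Z src=198.51.100.9 dst=10.10.0.5 dport=7900 proto=udp",
    "garbage line",
]

if __name__ == "__main__":
    for f in find_untrusted_phmonitor_access(SAMPLE_LOG):
        print(f"untrusted phMonitor access at {f.ts}: {f.src} -> {f.dst}:{PHMONITOR_PORT}")
    print("\n".join(render_allowlist_rules()))
```

Any hit from `find_untrusted_phmonitor_access` on a Supervisor or Worker node is worth investigating even after patching, since it shows the workaround is not actually enforced at the network edge.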
**Stay Informed**
Follow me on Twitter (@securityaffairs), Facebook and Mastodon for the latest security news and updates.