Exploit code public for critical FortiSIEM command injection flaw
FortiSIEM has a critical vulnerability (CVE-2025-25256) that lets remote attackers execute code or commands. The flaw combines two parts: arbitrary write with admin permissions and privilege escalation to root. After researchers reported it, Fortinet fixed four development branches and released patches. Affected versions span 6.7 to 7.5 (excluding 7.5 and the cloud version). Restricting access to the phMonitor port is recommended where the patch cannot yet be applied. 2026-01-14 19:00:25 Author: www.bleepingcomputer.com (view original)

Technical details and a public exploit have been published for a critical vulnerability affecting Fortinet's Security Information and Event Management (SIEM) solution that could be leveraged by a remote, unauthenticated attacker to execute commands or code.

The vulnerability is tracked as CVE-2025-25256, and is a combination of two issues that permit arbitrary write with admin permissions and privilege escalation to root access.

Researchers at penetration testing company Horizon3.ai reported the security issue in mid-August 2025. In early November, Fortinet addressed it in four out of five development branches of the product and announced this week that all vulnerable versions have been patched.

Fortinet describes the CVE-2025-25256 vulnerability as "an improper neutralization of special elements used in an OS command vulnerability in FortiSIEM may allow an unauthenticated attacker to execute unauthorized code or commands via crafted TCP requests."

Horizon3.ai has published a detailed write-up explaining that the root cause of the issue is the exposure of dozens of command handlers on the phMonitor service, which can be invoked remotely without authentication.

The researchers say that this service has been the entry point for multiple FortiSIEM vulnerabilities over several years, such as CVE-2023-34992 and CVE-2024-23108, and underline that ransomware groups like Black Basta have previously shown keen interest in these flaws.

Along with technical details about CVE-2025-25256, the researchers have also published a demonstration exploit. Because the vendor has delivered the fix and published a security advisory, the researchers decided to share the exploit code.

The flaw impacts FortiSIEM versions from 6.7 to 7.5, and fixes were made available to the following releases:

  • FortiSIEM 7.4.1 or above
  • FortiSIEM 7.3.5 or above
  • FortiSIEM 7.2.7 or above
  • FortiSIEM 7.1.9 or above

FortiSIEM 7.0 and 6.7.0 are also impacted but are no longer supported, so they won’t receive a fix for CVE-2025-25256.

Fortinet clarified that this flaw does not impact FortiSIEM 7.5 and FortiSIEM Cloud.

The only workaround provided by the vendor for those unable to apply the security update immediately is to limit access to the phMonitor port (7900).

Horizon3.ai has also shared indicators of compromise that can help companies detect compromised systems. In the log of messages received by phMonitor (/opt/phoenix/log/phoenix.logs), a line containing 'PHL_ERROR' should include the URL of the payload and the file it was written to.
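As an added illustration of that indicator (example code written for this page, not Horizon3.ai's or Fortinet's tooling), the script below scans phMonitor's log for 'PHL_ERROR' lines that carry both a URL and an absolute file path, which is the pattern the write-up describes. The page does not show the actual line layout of /opt/phoenix/log/phoenix.logs, so the matcher assumes only those three features, and the sample log lines embedded in the script are constructed for the example.

```python
"""Hunt for the CVE-2025-25256 indicator in FortiSIEM's phMonitor log.

Added example, not vendor or researcher code. It assumes nothing about the
log layout beyond what the article states: a line with the PHL_ERROR marker
that also contains the payload URL and the file it was written to.
"""
import re
import sys
from dataclasses import dataclass
from typing import Iterable, List, Optional

PHOENIX_LOG = "/opt/phoenix/log/phoenix.logs"  # path named in the article

# A URL up to the next whitespace or quote; an absolute path not preceded by
# a word character or slash (so the path part of a URL is not matched twice).
URL_RE = re.compile(r"https?://[^\s'\"<>]+")
PATH_RE = re.compile(r"(?<![\w/])/(?:[\w.\-]+/)*[\w.\-]+")


@dataclass
class Indicator:
    line_no: int
    url: str
    path: Optional[str]
    raw: str


def find_indicators(lines: Iterable[str]) -> List[Indicator]:
    """Return every PHL_ERROR line that names a payload URL, with the
    first absolute path found outside the URL (the written file)."""
    hits: List[Indicator] = []
    for n, line in enumerate(lines, 1):
        if "PHL_ERROR" not in line:
            continue
        m = URL_RE.search(line)
        if not m:
            continue  # PHL_ERROR without a URL is ordinary error noise
        # Blank out the URL so its own path component is not reported.
        rest = line[: m.start()] + " " + line[m.end():]
        pm = PATH_RE.search(rest)
        hits.append(Indicator(n, m.group(0), pm.group(0) if pm else None,
                              line.rstrip()))
    return hits


def scan_file(path: str = PHOENIX_LOG) -> List[Indicator]:
    with open(path, encoding="utf-8", errors="replace") as fh:
        return find_indicators(fh)


# CONSTRUCTED sample lines (not real FortiSIEM output) so the script can be
# exercised offline; only line 3 matches the indicator pattern.
SAMPLE_LOG = """\
2026-01-14 10:00:01 [INFO] phMonitor: heartbeat from collector 10.0.0.12
2026-01-14 10:00:02 [PHL_ERROR] phMonitor: handler failed, config reload
2026-01-14 10:02:17 [PHL_ERROR] phMonitor: fetch http://198.51.100.7/p.sh written to /opt/phoenix/bin/p.sh
2026-01-14 10:02:18 [INFO] phMonitor: command handler completed
"""


if __name__ == "__main__":
    # Scan the real log when a path is given, else the constructed sample.
    hits = scan_file(sys.argv[1]) if len(sys.argv) > 1 \
        else find_indicators(SAMPLE_LOG.splitlines())
    for h in hits:
        print(f"line {h.line_no}: payload {h.url} -> {h.path}")
    sys.exit(1 if hits else 0)
```

Run it with the log path as the first argument on a supervisor or worker node; a non-zero exit means at least one candidate line was found and the full line is printed for triage. Because the layout is assumed rather than known, treat a hit as a lead to confirm against the Horizon3.ai indicators, not as proof of compromise on its own.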


Source: https://www.bleepingcomputer.com/news/security/exploit-code-public-for-critical-fortisiem-command-injection-flaw/