Fortinet: Cyber Security News ®’s Post

Fortinet Discloses Critical FortiSIEM Vulnerability Allowing Remote Code Execution

On January 13, 2026, Fortinet issued an advisory warning of a critical OS command injection vulnerability in FortiSIEM, tracked as CVE-2025-64155 (CVSS: High). The flaw, classified under CWE-78 (improper neutralization of special elements in OS commands), affects the phMonitor component on port 7900.

The vulnerability enables unauthenticated attackers to execute arbitrary code by sending maliciously crafted TCP requests to FortiSIEM’s Super and Worker nodes, potentially leading to full system compromise. No authentication is required for exploitation, increasing the risk of widespread attacks.

Fortinet has not disclosed active exploitation in the wild, but organizations using FortiSIEM are urged to apply patches or mitigations promptly. The advisory highlights the severity of the issue, given FortiSIEM’s role in security information and event management (SIEM) for enterprise environments.

Source: https://www.linkedin.com/feed/update/urn:li:activity:7417268024409370625

Fortinet TPRM report: https://www.rankiteo.com/company/fortinet

"id": "for1768415255",
"linkid": "fortinet",
"type": "Vulnerability",
"date": "1/2026",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"
{'affected_entities': [{'industry': 'Cybersecurity',
                        'name': 'Fortinet',
                        'type': 'Vendor'}],
 'attack_vector': 'Network (Crafted TCP requests)',
 'date_publicly_disclosed': '2026-01-13',
 'description': 'Fortinet disclosed a critical OS command injection '
                'vulnerability in FortiSIEM that allows unauthenticated '
                'attackers to execute arbitrary code via crafted TCP requests '
                'to the phMonitor component on port 7900. The flaw stems from '
                'improper neutralization of special elements in OS commands '
                '(CWE-78).',
 'impact': {'operational_impact': 'Full-system compromise potential',
            'systems_affected': 'FortiSIEM Super and Worker nodes'},
 'post_incident_analysis': {'root_causes': 'Improper neutralization of special '
                                           'elements in OS commands (CWE-78)'},
 'references': [{'source': 'LinkedIn Cybersecurity News Weekly Newsletter'}],
 'title': 'FortiSIEM OS Command Injection Vulnerability (CVE-2025-64155)',
 'type': 'Vulnerability Exploitation',
 'vulnerability_exploited': 'CVE-2025-64155 (CWE-78: Improper Neutralization '
                            'of Special Elements used in an OS Command)'}