Forwarded by Taiwan Computer Network Crisis Response and Coordination Center (TWCERTCC-200-202508-00000007)

[Content Description]
FortiSIEM is Fortinet's next-generation security information and event management platform, leveraging AI and automation to improve threat detection and security operations efficiency while reducing management complexity. Recently, Fortinet released a critical security vulnerability advisory (CVE-2025-25256, CVSS: 9.8). This is an operating system command injection vulnerability that could allow an unauthenticated attacker to execute unauthorized code or commands through a crafted command line interface (CLI) request.

[Affected Platforms]
● FortiSIEM 7.3.0 to 7.3.1
● FortiSIEM 7.2.0 to 7.2.5
● FortiSIEM 7.1.0 to 7.1.7
● FortiSIEM 7.0.0 to 7.0.3
● FortiSIEM 6.7.0 to 6.7.9

[Suggested Action]
Please update to the following versions:
● FortiSIEM 7.3.2
● FortiSIEM 7.2.6
● FortiSIEM 7.1.8
● FortiSIEM 7.0.4
● FortiSIEM 6.7.10
● FortiSIEM Migrate versions below 6.6 to a fixed version.

[Reference]
https://www.twcert.org.tw/tw/cp-169-10322-f7c42-1.html