
Post: Fortinet Warns Exploit Code Available for Critical Vulnerability - Against Invaders - CyberSecurity news for humans.


<div data-edit-folder-name="text" data-index="0" data-layout-id="2" id="layout-231dfc1c-9963-4a76-abce-32a1b523bd49"> <p>Sysadmins have been urged to prioritize updating a new critical vulnerability in Fortinet&rsquo;s FortiSIEM solution, as exploit code is currently circulating in the wild.</p> <p>Published on Tuesday, CVE-2025-25256 is an escalation of privilege vulnerability with a CVSS score of 9.8.</p> <p>&ldquo;An improper neutralization of special elements used in an OS command vulnerability in FortiSIEM may allow an unauthenticated attacker to execute unauthorized code or commands via crafted CLI requests,&rdquo; the advisory explained.</p> <p>&ldquo;Practical exploit code for this vulnerability was found in the wild.&rdquo;</p> <p>Fortinet added that the exploitation code currently circulating &ldquo;does not appear to produce distinctive IoCs [indicators of compromise],&rdquo; which will complicate network defender efforts to identify and contain any resulting exploits.</p> <p><a href="https://www.infosecurity-magazine.com/news/fortinet-confirms-critical-zero-day/" target="_blank"><em>Read more on Fortinet threats: Fortinet Confirms Critical Zero-Day Vulnerability in Firewalls</em></a></p> <p>FortiSIEM is a security information and event management (SIEM) platform designed to provide security operations (SecOps) teams with threat alerts based on analysis and correlation of data from multiple sources.</p> <p>It&rsquo;s marketed mainly to medium and large enterprises and managed service providers, putting these organizations in the crosshairs of possible attack if workable exploits are developed.</p> <p>Fortinet products are a popular target for threat actors, with <a href="https://www.infosecurity-magazine.com/news/fortinet-vulnerability-ransomware/" target="_blank">vulnerabilities often exploited in ransomware campaigns</a>.</p> <p>It&rsquo;s unclear whether the announcement is related to a report from GreyNoise, also released on Tuesday, which revealed a 
&ldquo;significant spike in brute-force traffic targeting Fortinet SSL VPNs.&rdquo;</p> <p>Over 780 unique IPs were involved in the attacks, traced to August 3. GreyNoise said this was the highest volume of IPs associated with attacks on Fortinet SSL VPNs in recent months.</p> <p>&ldquo;New research shows spikes like this often precede the disclosure of new vulnerabilities affecting the same vendor &ndash; most within six weeks,&rdquo; it explained.</p> <p>&ldquo;In fact, GreyNoise found that spikes in activity triggering this exact tag are significantly correlated with future disclosed vulnerabilities in Fortinet products.&rdquo;</p> <p>On August 5, the same threat actor switched from targeting FortiOS SSL VPN endpoints to FortiManager&rsquo;s FGFM service, the threat intelligence firm said.</p> </div>