Key Findings Fortinet has released updates to fix a critical security flaw impacting FortiSIEM that could allow an unauthenticated attacker to achieve code execution on susceptible instances. The vulnerability, tracked as CVE-2025-64155, is rated 9.4 out of 10.0 on the CVSS scoring system. The flaw allows for OS command injection via crafted TCP requests to the phMonitor service running on port 7900. Fortinet has also patched a critical vulnerability in FortiFone (CVE-2025-47
