Pakistan’s National Computer Emergency Response Team (National CERT) has issued a critical warning: severe Fortinet security flaws could grant hackers complete control over widely used Fortinet products. If exploited, these vulnerabilities could expose sensitive data, disrupt essential services, and allow attackers to navigate entire networks freely. Therefore, immediate attention and mitigation are crucial for organizations.
Understanding the Critical Fortinet Security Flaws
The National CERT advisory explains that attackers can breach systems without requiring a username, password, or any user interaction. Once compromised, they gain the ability to steal login credentials, alter system settings, delete crucial security logs, disable services, and spread malware to connected systems. Consequently, organizations face significant risks of data breaches and prolonged cyberattacks.
Unauthenticated System Compromise
Moreover, National CERT has highlighted a concerning possibility: the compromise of security tools themselves. This means attackers could effectively conceal their activities, deactivate protective measures, and covertly monitor network traffic. Ultimately, such a scenario makes detection extremely difficult, leaving systems exposed to silent threats.
Key Vulnerabilities Identified
The advisory specifically details multiple high-risk Fortinet security flaws impacting several Fortinet products. These include FortiSIEM, FortiOS, FortiSwitchManager, and FortiFone. The most severe issue, tracked as CVE-2025-64155, boasts a CVSS score of 9.4 out of 10, categorizing it as a critical threat. Hence, its immediate resolution is paramount.
FortiSIEM’s Critical CVE-2025-64155
According to National CERT, this particular vulnerability primarily affects FortiSIEM management components. Attackers can exploit it remotely without valid credentials or user action. Systems directly connected to the internet face the highest risk because threat actors can target them from anywhere across the globe. Furthermore, the recent release of a public proof-of-concept exploit significantly escalates the threat level, making it easier for cybercriminals to launch attacks.
Other High-Severity Flaws
Other serious flaws include CVE-2025-25249, which impacts FortiOS and FortiSwitchManager via the cw_acd service. Another significant vulnerability is CVE-2025-47855, affecting FortiFone devices with a CVSS score of 9.3. Collectively, these issues reveal a broader pattern of major security weaknesses throughout Fortinet’s product range, underscoring the urgent need for comprehensive security reviews.
Detecting and Mitigating Threats
National CERT has provided clear warning signs that may indicate a compromised system. Organizations must diligently monitor their systems for these red flags to identify potential breaches promptly. These include:
- Unusual administrative activity
- Unexpected system processes
- Unauthorized setting changes
- Strange outbound internet traffic
- Service crashes
- Missing or altered security logs
Immediate Actions and Patching
The advisory lists specific vulnerable versions of FortiSIEM, FortiOS, FortiSwitchManager, and FortiFone. National CERT strongly advises administrators to consult Fortinet’s official PSIRT advisories to confirm affected versions and identify necessary updates. To mitigate these critical Fortinet security flaws, organizations should immediately install Fortinet’s latest security patches, particularly on systems exposed to the internet or vital for critical operations. If immediate patching is not feasible, temporary measures such as restricting access, disabling public management pages, and enhancing monitoring protocols should be implemented. Ultimately, installing official patches remains the sole complete solution to prevent these attacks and avoid large-scale system takeovers.
