CVE's

COMPLETED January 19, 2026
Summary

Briefing: CVE's Purpose: News about security alerts for our product stack

Key Insights

  • Multiple products have critical unauthenticated vulnerabilities requiring immediate action. Fortinet disclosed critical flaws in FortiSIEM (CVE-2025-64155, CVSS 9.4) and FortiFone (CVE-2025-47855, CVSS 9.3). Both can be exploited by unauthenticated remote attackers to execute commands or access sensitive configurations, making them the highest priority for patching.
  • Unauthenticated remote command injection
  • Unauthenticated access to local configuration

  • A high-severity unauthenticated flaw impacts core network infrastructure. A heap-based buffer overflow (CVE-2025-25249, CVSS 7.4) affects FortiOS and FortiSwitchManager, allowing a remote, unauthenticated attacker to execute arbitrary code. Due to the widespread deployment of these devices, this vulnerability represents a significant threat and should be prioritized alongside the critical alerts.

  • Heap-based buffer overflow in cw_acd daemon

  • A separate set of authenticated vulnerabilities presents a secondary, but still significant, risk. Flaws with medium-to-low severity ratings were also disclosed for FortiVoice, FortiClientEMS, and FortiSandbox. These vulnerabilities require an attacker to have some level of authentication, which lowers their immediate risk compared to unauthenticated exploits but makes them dangerous in a multi-stage attack.

  • Arbitrary file deletion in administrative interface
  • Authenticated SQL injection in API endpoint
  • SSRF in GUI console

Emerging Patterns

Read & Act

What to read - Unauthenticated remote command injection — This advisory details a critical (CVSS 9.4) vulnerability in FortiSIEM. It is essential reading to understand the attack vector and apply the specific workaround if immediate patching is not possible. - Unauthenticated access to local configuration — This outlines the other critical (CVSS 9.3) vulnerability in FortiFone. Understanding how unauthenticated attackers can access configuration is key to assessing the full risk to your environment. - Heap-based buffer overflow in cw_acd daemon — This high-severity alert affects core FortiOS and FortiSwitchManager products. Reviewing this is crucial for all network teams to identify affected versions and apply necessary upgrades or workarounds.

What to do 1. Triage and patch based on authentication requirements. Immediately address the unauthenticated vulnerabilities in FortiSIEM (CVE-2025-64155), FortiFone (CVE-2025-47855), and FortiOS/FortiSwitchManager (CVE-2025-25249). These pose the most immediate and severe risk to your infrastructure. 2. Apply workarounds where patching is delayed. For the FortiSIEM and FortiOS vulnerabilities, Fortinet provides specific workarounds, such as limiting access to certain ports. Implement these immediately on critical systems while you schedule and test the required firmware upgrades. 3. Audit and schedule patching for authenticated vulnerabilities. After addressing the high-priority threats, plan for the patching of flaws in FortiVoice, FortiClientEMS, and FortiSandbox. While less urgent, these could be exploited by an attacker who has already gained a foothold in the network.