NCERT Warns of Serious Security Bugs in Fortinet Products
Pakistan’s National Computer Emergency Response Team (National CERT) has warned about major security problems in some widely used Fortinet products. These flaws could let hackers take full control of affected systems without needing a username, password, or any action from the user.
If hackers exploit these bugs, they could:
- Steal sensitive data and login information
- Change settings or delete security logs
- Shut down services
- Move across the network to other systems
Even security tools meant to protect systems could be compromised, allowing hackers to hide their tracks and monitor activity without being noticed.
The most serious flaw, CVE-2025-64155, affects FortiSIEM management systems and has a critical risk score of 9.4/10. Other important vulnerabilities include CVE-2025-25249 (affecting FortiOS and FortiSwitchManager) and CVE-2025-47855 (affecting FortiFone devices). Systems directly connected to the internet are at the highest risk, and a public proof-of-concept exploit has made it easier for attackers to target these flaws.
Warning Signs of an Attack:
- Strange administrative activity
- Unexpected system processes
- Unauthorized changes in settings
- Unusual internet traffic
- Service crashes
- Missing or changed security logs
National CERT advises administrators to:
- Check Fortinet’s official security advisories to see which versions are affected
- Immediately install the latest security patches
- If patching is not possible right away, limit access, disable public management pages, and closely monitor systems
These steps are important to protect organizations and users from serious cyberattacks.