Recent alerts have been issued concerning a critical vulnerability in FortiSIEM, for which exploit code is publicly available, and two vulnerabilities in N-able N-central.
Network defenders use FortiSIEM, a central security information and event management (SIEM) solution, for network telemetry, logging, and security incident notifications. Big companies, healthcare organizations, and government entities commonly use FortiSIEM. Fortinet has released an alert regarding a command injection vulnerability that an unauthenticated attacker can exploit remotely and for which exploit code exists in the wild. It is therefore crucial to patch immediately, before the vulnerability is exploited.
Critical vulnerability CVE-2025-25256 affects FortiSIEM versions 5.4 to 7.3 and has been given a CVSS base score of 9.8. An unauthenticated attacker can exploit the vulnerability remotely and execute code or commands through crafted CLI requests. Fortinet has not reported that the vulnerability has already been exploited; it reported only that it found functional exploit code in the wild.
Fortinet has corrected the vulnerability in these versions of FortiSIEM: FortiSIEM 7.3.2, FortiSIEM 7.2.6, FortiSIEM 7.1.8, FortiSIEM 7.0.4, and FortiSIEM 6.7.10.
Users of FortiSIEM versions 5.4 to 6.6 must upgrade to a version that includes the patch against the vulnerability. If upgrading to a patched version is not possible, Fortinet recommends restricting access to phMonitor on port 7900 as a workaround.
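The fixed-release list above can be turned into a version triage check for an asset inventory. This is an added example, not Fortinet's code; the host names and inventory are constructed, and a version string with no patch number is assumed to be patch 0.

```python
import re

# Fixed release per branch, taken from the list in the article.
FIXED_PATCH = {(7, 3): 2, (7, 2): 6, (7, 1): 8, (7, 0): 4, (6, 7): 10}
AFFECTED_MIN, AFFECTED_MAX = (5, 4), (7, 3)  # "versions 5.4 to 7.3"
NO_BRANCH_FIX_MAX = (6, 6)  # 5.4 to 6.6: article lists no fix on these branches


def parse_version(text):
    """Return (major, minor, patch) as ints, or None if text is not a version."""
    m = re.fullmatch(r"v?(\d+)\.(\d+)(?:\.(\d+))?", text.strip())
    if m is None:
        return None
    # Assumption: a missing patch number is treated as 0 (worst case).
    return int(m.group(1)), int(m.group(2)), int(m.group(3) or 0)


def triage(text):
    """Classify one FortiSIEM version string against the CVE-2025-25256 fixes."""
    parsed = parse_version(text)
    if parsed is None:
        return "unknown: cannot parse version"
    major, minor, patch = parsed
    branch = (major, minor)
    if not AFFECTED_MIN <= branch <= AFFECTED_MAX:
        return "outside the affected range stated in the article"
    if branch <= NO_BRANCH_FIX_MAX:
        return "vulnerable: upgrade to a fixed release"
    fixed = FIXED_PATCH.get(branch)
    if fixed is None:
        return "vulnerable: no fixed release listed for this branch"
    # Compare numerically: as strings, "9" would sort after "10".
    if patch >= fixed:
        return "patched"
    return f"vulnerable: upgrade to {major}.{minor}.{fixed}"


if __name__ == "__main__":
    # Constructed inventory; host names are hypothetical.
    inventory = {"siem-a": "7.3.1", "siem-b": "7.2.6", "siem-c": "6.7.9",
                 "siem-d": "6.4.0", "siem-e": "n/a"}
    for host, version in inventory.items():
        print(f"{host:8} {version:8} {triage(version)}")
```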
Two vulnerabilities identified in N-able N-central are under active exploitation. Managed service providers (MSPs) commonly use N-able N-central's remote monitoring and management (RMM) solution to manage devices on their clients' systems. Vulnerability CVE-2025-8875 is caused by insecure deserialization that can enable an attacker to execute commands. Vulnerability CVE-2025-8876 is a command injection vulnerability caused by improper sanitization of user input. The two vulnerabilities currently have no assigned CVSS scores; nevertheless, CISA reported that both are under active exploitation. According to N-able's security alert, exploiting the vulnerabilities requires authentication.
Patches have been released by N-able to correct the vulnerabilities. N-able urges its clients to upgrade to version 2025.3.1 immediately. The company released the patched version on August 13, 2025, and will provide more information concerning the vulnerabilities to enable customers to upgrade to a fixed RMM version.
HIPAA-compliant healthcare entities using these two solutions should take note of these alerts and make sure to take the necessary action.