Pakistan’s National Computer Emergency Response Team (National CERT) has warned that serious security flaws in widely used Fortinet products could allow hackers to take full control of affected systems. If exploited, these weaknesses could expose sensitive data, disrupt services, and allow attackers to move freely across entire networks.
The advisory says attackers could break into systems without needing a username, password, or any user interaction. Once inside, they could steal login details, change settings, delete security logs, shut down services, and spread to other connected systems. This could leave organizations and their users vulnerable to data leaks and long-term cyberattacks.
National CERT also warned that security tools themselves could be compromised. This means attackers may be able to hide their tracks, disable protections, and quietly monitor activity, making detection difficult.
The advisory focuses on multiple high-risk vulnerabilities found in several Fortinet products, including FortiSIEM, FortiOS, FortiSwitchManager, and FortiFone. The most severe flaw, tracked as CVE-2025-64155, has a CVSS score of 9.4 out of 10, making it a critical-level threat.
According to National CERT, this vulnerability mainly affects FortiSIEM management components and can be exploited remotely without valid credentials or user action. Systems that are connected directly to the internet face the highest risk, as attackers can target them from anywhere.
The threat level has increased further due to the release of a public proof-of-concept exploit, which makes it easier for cybercriminals to carry out attacks.
Other serious flaws include CVE-2025-25249, which affects FortiOS and FortiSwitchManager through the cw_acd service, and CVE-2025-47855, which impacts FortiFone devices and has a CVSS score of 9.3. Together, these issues show a broader pattern of major security weaknesses across Fortinet’s product range.
National CERT has shared warning signs that may indicate a system has been attacked. These include unusual administrative activity, unexpected system processes, unauthorized setting changes, strange outbound internet traffic, service crashes, and missing or altered security logs. Organizations have been advised to carefully monitor their systems for these red flags.
The advisory lists several versions of FortiSIEM, FortiOS, FortiSwitchManager, and FortiFone as vulnerable. National CERT urged administrators to check Fortinet’s official PSIRT advisories to confirm which versions are affected and which updates fix the problems.
To reduce risk, National CERT has urged immediate installation of Fortinet’s latest security patches, especially on systems exposed to the internet or used for critical operations. If patching cannot be done right away, temporary steps such as limiting access, disabling public management pages, and increasing monitoring should be applied.
The advisory stressed that installing official patches is the only complete way to stop these attacks and prevent large-scale system takeovers.
