Hackers Could Break Into Systems Without Passwords: NCERT has issued a warning about critical security flaws in Fortinet products. These vulnerabilities allow attackers to access systems with no username or password required. Attackers can move freely across networks, exposing sensitive data and disrupting services. Organizations connected directly to the internet face the highest risk.
The National Computer Emergency Response Team (NCERT) reported that FortiSIEM, FortiOS, FortiSwitchManager, and FortiFone are affected. The most severe flaw, CVE-2025-64155, has a CVSS score of 9.4, highlighting its critical level. Other issues, like CVE-2025-25249 and CVE-2025-47855, also enable attackers to exploit systems remotely. Once inside, hackers can steal login details, make unauthorized setting changes, and even delete security logs. Security tools could be compromised, making detection difficult.
To prevent attacks, organizations must install security patches and updates immediately. Limiting remote access and disabling public management pages can reduce exposure. Monitoring network activity helps detect unusual system processes and strange outbound traffic. Following official PSIRT advisories ensures that patches address all critical flaws. Temporary safeguards can slow attackers, but official updates remain essential.
NCERT emphasizes that ignoring these warnings could lead to long-term cyberattacks and large-scale breaches. Systems directly connected to the internet are especially vulnerable, so immediate action is crucial. By staying vigilant and implementing recommended measures, organizations can reduce the risk of hackers exploiting these flaws.
Conclusion: Hackers could break into systems without passwords, as NCERT warns, but proactive steps like patching, monitoring, and limiting access can prevent large-scale cyberattacks.
Meta Description:
Hackers could break into systems without passwords, NCERT warns. Install security patches and monitor network activity to stay protected.
