CVE-2025-64155

Summary

An improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet FortiSIEM 7.4.0, FortiSIEM 7.3.0 through 7.3.4, FortiSIEM 7.1.0 through 7.1.8, FortiSIEM 7.0.0 through 7.0.4, FortiSIEM 6.7.0 through 6.7.10 may allow an attacker to execute unauthorized code or commands via crafted TCP requests.

Affected Software

VendorProductVersion RangeStatus
FortinetFortiSIEM7.4.0affected
FortinetFortiSIEM7.3.0 <= 7.3.4affected
FortinetFortiSIEM7.2.6affected
FortinetFortiSIEM7.1.8affected
FortinetFortiSIEM7.0.4affected
FortinetFortiSIEM6.7.10affected

Weaknesses

  • CWE-78: Execute unauthorized code or commands

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: yes
    • Technical Impact: total

Additional References

References