How severe is CVE-2025-64155?

CVE-2025-64155 has a CVSS v3 score of 9.8 (CRITICAL).

CVE-2025-64155

Name: fortisiem
Author: fortinet

9.8CRITICAL

An improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet FortiSIEM 7.4.0, FortiSIEM 7.3.0 through 7.3.4, FortiSIEM 7.1.0 through 7.1.8, F

Published: 1/13/2026Updated: 1/14/2026

Description

An improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet FortiSIEM 7.4.0, FortiSIEM 7.3.0 through 7.3.4, FortiSIEM 7.1.0 through 7.1.8, FortiSIEM 7.0.0 through 7.0.4, FortiSIEM 6.7.0 through 6.7.10 may allow an attacker to execute unauthorized code or commands via crafted TCP requests.

AI AnalysisPowered by AI

Affected Products

fortinetfortisiem

7.4.0

References

https://fortiguard.fortinet.com/psirt/FG-IR-25-772
Vendor Advisory
https://github.com/horizon3ai/CVE-2025-64155
ExploitThird Party Advisory