How severe is CVE-2025-64155?

CVE-2025-64155 has a CVSS v3 score of 9.8 (CRITICAL).

CVE-2025-64155

Name: fortisiem
Author: fortinet

9.8CRITICAL

An improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet FortiSIEM 7.4.0, FortiSIEM 7.3.0 through 7.3.4, FortiSIEM 7.1.0 through 7.1.8, F

Publicado: 1/13/2026Actualizado: 1/14/2026

Descripción

An improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet FortiSIEM 7.4.0, FortiSIEM 7.3.0 through 7.3.4, FortiSIEM 7.1.0 through 7.1.8, FortiSIEM 7.0.0 through 7.0.4, FortiSIEM 6.7.0 through 6.7.10 may allow an attacker to execute unauthorized code or commands via crafted TCP requests.

Análisis IAImpulsado por IA

Productos Afectados

fortinetfortisiem

7.4.0

Referencias

https://fortiguard.fortinet.com/psirt/FG-IR-25-772
Vendor Advisory
https://github.com/horizon3ai/CVE-2025-64155
ExploitThird Party Advisory