How severe is CVE-2025-64155?

CVE-2025-64155 has a CVSS v3 score of 9.8 (CRITICAL).

CVE-2025-64155

Name: fortisiem
Author: fortinet

9.8CRITICAL

An improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet FortiSIEM 7.4.0, FortiSIEM 7.3.0 through 7.3.4, FortiSIEM 7.1.0 through 7.1.8, F

Publicado: 1/13/2026Atualizado: 1/14/2026

Descrição

An improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet FortiSIEM 7.4.0, FortiSIEM 7.3.0 through 7.3.4, FortiSIEM 7.1.0 through 7.1.8, FortiSIEM 7.0.0 through 7.0.4, FortiSIEM 6.7.0 through 6.7.10 may allow an attacker to execute unauthorized code or commands via crafted TCP requests.

Análise IADesenvolvido por IA

Produtos Afetados

fortinetfortisiem

7.4.0

Referências

https://fortiguard.fortinet.com/psirt/FG-IR-25-772
Vendor Advisory
https://github.com/horizon3ai/CVE-2025-64155
ExploitThird Party Advisory