CVE-2025-64155
9.8CRITICALAn improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet FortiSIEM 7.4.0, FortiSIEM 7.3.0 through 7.3.4, FortiSIEM 7.1.0 through 7.1.8, F
Опубликовано: 1/13/2026Обновлено: 1/14/2026
Описание
An improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet FortiSIEM 7.4.0, FortiSIEM 7.3.0 through 7.3.4, FortiSIEM 7.1.0 through 7.1.8, FortiSIEM 7.0.0 through 7.0.4, FortiSIEM 6.7.0 through 6.7.10 may allow an attacker to execute unauthorized code or commands via crafted TCP requests.
ИИ-АнализНа базе ИИ
Затронутые продукты
fortinetfortisiem
fortinetfortisiem
fortinetfortisiem
fortinetfortisiem
7.4.0
Ссылки
- https://fortiguard.fortinet.com/psirt/FG-IR-25-772Vendor Advisory
- https://github.com/horizon3ai/CVE-2025-64155ExploitThird Party Advisory