CRITICAL🇵🇱 Wersja polska

CVE-2025-64155

CVSS 9.8v3.1pub. 2026-01-13upd. 2026-01-20

An improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet FortiSIEM 7.4.0, FortiSIEM 7.3.0 through 7.3.4, FortiSIEM 7.1.0 through 7.1.8, FortiSIEM 7.0.0 through 7.0.4, FortiSIEM 6.7.0 through 6.7.10 may allow an attacker to execute unauthorized code or commands via crafted TCP requests.

🤖 AI Analysis
How it works

The vulnerability results from improper neutralization of special characters used in operating system commands (CWE-78). An attacker sends specially crafted TCP requests to the vulnerable FortiSIEM system, which contain malicious payloads with embedded OS commands. The lack of proper input validation causes the transmitted commands to be executed by the system with the privileges of the request-handling process.

Impact

An attacker can remotely execute arbitrary code or system commands on the FortiSIEM server without requiring any privileges, which can lead to complete system takeover, loss of data confidentiality, violation of integrity, and service unavailability.

Mitigation & patch

Apply patches available from the vendor according to the references (https://fortiguard.fortinet.com/psirt/FG-IR-25-772). Until the fix is implemented, it is recommended to restrict network access to TCP ports used by FortiSIEM to trusted hosts only and monitor anomalies in network traffic directed to the system.

Who is affected

Fortinet FortiSIEM 7.4.0, FortiSIEM 7.3.0–7.3.4, FortiSIEM 7.1.0–7.1.8, FortiSIEM 7.0.0–7.0.4, FortiSIEM 6.7.0–6.7.10

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Fortinet Fortisiem

    APP
    Fortinet
    7.4.06.7.0 – 7.1.9 (bez)7.2.0 – 7.2.7 (bez)7.3.0 – 7.3.5 (bez)
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Command Injection
CWE
References

Related vulnerabilities

CVE-2025-25256CRITICAL9.8PL ✓ten sam produkt

Krytyczny pre-auth command injection w Fortinet FortiSIEM (RCE)

CVE-2023-40714CRITICAL9.9PL ✓ten sam produkt

Path Traversal w Fortinet FortiSIEM umożliwiający eskalację uprawnień

CVE-2024-23109CRITICAL10.0PL ✓ten sam produkt

Command Injection w Fortinet FortiSIEM umożliwiający zdalne wykonanie kodu

CVE-2024-23108CRITICAL10.0PL ✓ten sam produkt

Command injection w Fortinet FortiSIEM — nieautoryzowane wykonanie kodu przez API

CVE-2023-36553CRITICAL9.8ten sam produkt

A improper neutralization of special elements used in an os command ('os command injection') in Fortinet Forti...