CVE-2025-64155NVD

Vulnerability Summary

An improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet FortiSIEM 7.4.0, FortiSIEM 7.3.0 through 7.3.4, FortiSIEM 7.1.0 through 7.1.8, FortiSIEM 7.0.0 through 7.0.4, FortiSIEM 6.7.0 through 6.7.10 may allow an attacker to execute unauthorized code or commands via crafted TCP requests.

Severity Level

CRITICAL(9.8)

Published Date

Jan 13, 2026

Last Modified

Jan 20, 2026

Exploitation Status

????

EPSS Score (30-Day)

Data Pending

Root Weakness (CWE)

CWE-78: OS Command Injection ↗

The software constructs all or part of an OS command using externally-influenced input, but does not properly neutralize special elements.

CVSS v3.1 Base Metrics

Attack VectorNetwork

Attack ComplexityLow

Privileges RequiredNone

User InteractionNone

ScopeUnchanged

ConfidentialityHigh

IntegrityHigh

AvailabilityHigh

External References

https://fortiguard.fortinet.com/psirt/FG-IR-25-772
https://github.com/horizon3ai/CVE-2025-64155
https://github.com/purehate/CVE-2025-64155-hunter

Critical Alert 1 Active Exploit Detected Today

CVE Watchtower

CVE-2025-64155NVD

Vulnerability Summary

External References