Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2025-25256

Severity
9.8 (CRITICAL)
EPSS
44.9%
top 2.41%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
Timeline
Published: Aug 12
Latest update: Aug 15

Description

An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in Fortinet FortiSIEM version 7.3.0 through 7.3.1, 7.2.0 through 7.2.5, 7.1.0 through 7.1.7, 7.0.0 through 7.0.3 and before 6.7.9 allows an unauthenticated attacker to execute unauthorized code or commands via crafted CLI requests.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 | Impact: 5.9

Affected Packages (2 packages)

Source    | Package            | Affected range  | More
NVD       | fortinet/fortisiem | 5.4.0 to 6.7.10 | +4
CVEListV5 | fortinet/fortisiem | 7.3.0 to 7.3.1  | +11

🔴 Vulnerability Details (3)
CVEList
CVE-2025-25256: An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in Fortinet FortiSIEM version 7 (2025-08-12)
GHSA
GHSA-6gxf-4w6m-j956: An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in Fortinet FortiSIEM version 7 (2025-08-12)
VulnCheck
Fortinet FortiSIEM Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') (2025)

💥 Exploits & PoCs (1)
Nuclei
Fortinet FortiSIEM - OS Command Injection

🔍 Detection Rules (1)
Suricata
ET EXPLOIT Fortinet FortiSIEM Unauthenticated phMonitor Command Injection (CVE-2025-25256) (2025-08-15)

📋 Vendor Advisories (1)
Fortinet
An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in... (2025-08-12)

Source: cvebase.io (CVE-2025-25256, CRITICAL, CVSS 9.8)