CVE-2025-64155 — OS Command Injection in Fortinet Fortisiem

CWE-78 — OS Command Injection10 documents9 sources

Severity

9.8CRITICALNVD

EPSS

0.1%

top 76.45%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Fortinet Fortisiem

Timeline

PublishedJan 13

Latest updateJan 16

Description

An improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet FortiSIEM 7.4.0, FortiSIEM 7.3.0 through 7.3.4, FortiSIEM 7.1.0 through 7.1.8, FortiSIEM 7.0.0 through 7.0.4, FortiSIEM 6.7.0 through 6.7.10 may allow an attacker to execute unauthorized code or commands via crafted TCP requests.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

▶NVDfortinet/fortisiem6.7.0 — 7.1.9+3

▶CVEListV5fortinet/fortisiem7.3.0 — 7.3.4+5

🔴Vulnerability Details

CVEList

CVE-2025-64155: An improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet FortiSIEM 7↗2026-01-13

▶

GHSA

GHSA-gvhh-fvm4-vqqj: An improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet FortiSIEM 7↗2026-01-13

▶

VulnCheck

Fortinet FortiSIEM Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')↗2025

▶

🔍Detection Rules

Suricata

ET EXPLOIT Fortinet FortiSIEM phMonitor Unauthenticated Argument Injection (CVE-2025-64155)↗2026-01-14

▶

📋Vendor Advisories

Fortinet

Unauthenticated remote command injection↗2026-01-13

▶

🕵️Threat Intelligence

Bleepingcomputer

Hackers now exploiting critical Fortinet FortiSIEM flaw in attacks↗2026-01-16

▶

Bleepingcomputer

Exploit code public for critical FortiSIEM command injection flaw↗2026-01-14

▶

Wiz

CVE-2025-64155 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶