

CVE-2025-64155: Exploit Code Released for Critical Fortinet FortiSIEM Command Injection Vulnerability
Published: 14 January 2026 at 15:15:26
Alert date: 14 January 2026 at 21:03:18
Source: tenable.com
Network Infrastructure, Security Tools
CVE-2025-64155 is a critical command injection vulnerability affecting Fortinet FortiSIEM devices, with a CVSS score of 9.4. It allows remote, unauthenticated attackers to execute arbitrary code through specially crafted requests. Horizon3.ai researchers have released public exploit code, which significantly increases the risk of exploitation. The vulnerability affects multiple FortiSIEM versions from 6.7.0 through 7.4.0; FortiSIEM 7.5 and Cloud versions are unaffected. Fortinet has released patches in versions 7.1.9+, 7.2.7+, 7.3.5+, and 7.4.1+, while older versions require migration to fixed releases. Given Fortinet's history of being targeted by attackers (23 CVEs on the CISA KEV list), this vulnerability is expected to be actively exploited soon.
Technical details
Affected products: Fortinet FortiSIEM
Related links:
https://www.tenable.com/blog/cve-2025-64155-exploit-code-released-for-critical-fortinet-fortisiem-command-injection
https://fortiguard.fortinet.com/psirt/FG-IR-25-772
https://www.tenable.com/cve/CVE-2025-64155
https://www.cisa.gov/known-exploited-vulnerabilities-catalog
https://horizon3.ai/attack-research/disclosures/cve-2025-64155-three-years-of-remotely-rooting-the-fortinet-fortisiem/
https://www.tenable.com/cve/CVE-2025-64155/plugins
https://www.tenable.com/plugins/pipeline
This article was created with the assistance of AI technology by Perceptive.

