top of page
perceptive_background_267k.jpg

An improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet FortiSIEM 7.4.0, FortiSIEM 7.3.0 through…

Published:

12 January 2026 at 23:00:00

Alert date:

13 January 2026 at 21:04:42

Source:

nvd.nist.gov

Click to open the original link from this advisory

Security Tools, Network Infrastructure

A critical OS command injection vulnerability (CVE-2025-64155) affects multiple versions of Fortinet FortiSIEM, including versions 6.7.0 through 7.4.0. The vulnerability stems from improper neutralization of special elements used in OS commands. Attackers can exploit this flaw by sending crafted TCP requests to execute unauthorized code or commands on affected systems. The vulnerability impacts a wide range of FortiSIEM versions across major release branches. This represents a significant security risk for organizations using FortiSIEM for security information and event management.

Technical details

Mitigation steps:

Affected products:

Fortinet FortiSIEM

Related links:

https://nvd.nist.gov/vuln/detail/CVE-2025-64155
https://fortiguard.fortinet.com/psirt/FG-IR-25-772
https://github.com/horizon3ai/CVE-2025-64155

Related CVE's:

Related threat actors:

IOC's:

This article was created with the assistance of AI technology by Perceptive.

© 2025 by Perceptive Security. All rights reserved.

email: info@perceptivesecurity.com

Disclaimer: Deze website toont informatie afkomstig van externe bronnen. Perceptive aanvaardt geen verantwoordelijkheid voor de inhoud, juistheid of volledigheid van deze informatie.

bottom of page