An improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet FortiSIEM 7.4.0, FortiSIEM 7.3.0 through…
Published:
12 januari 2026 om 23:00:00
Alert date:
13 januari 2026 om 21:04:42
Source:
nvd.nist.gov
Security Tools, Network Infrastructure
A critical OS command injection vulnerability (CVE-2025-64155) affects multiple versions of Fortinet FortiSIEM, including versions 6.7.0 through 7.4.0. The vulnerability stems from improper neutralization of special elements used in OS commands. Attackers can exploit this flaw by sending crafted TCP requests to execute unauthorized code or commands on affected systems. The vulnerability impacts a wide range of FortiSIEM versions across major release branches. This represents a significant security risk for organizations using FortiSIEM for security information and event management.
Technical details
Mitigation steps:
Affected products:
Fortinet FortiSIEM
Related links:
https://nvd.nist.gov/vuln/detail/CVE-2025-64155
https://fortiguard.fortinet.com/psirt/FG-IR-25-772
https://github.com/horizon3ai/CVE-2025-64155
Related CVE's:
Related threat actors:
IOC's:
This article was created with the assistance of AI technology by Perceptive.