CVE-2025-25256

CVE Database · CVE-2025-25256

CVE-2025-25256

· CRITICALModified

CVSS v3.1

9.8

EPSS

56.19%

Published

Aug 12, 2025

Modified

Aug 15, 2025

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in Fortinet FortiSIEM version 7.3.0 through 7.3.1, 7.2.0 through 7.2.5, 7.1.0 through 7.1.7, 7.0.0 through 7.0.3 and before 6.7.9 allows an unauthenticated attacker to execute unauthorized code or commands via crafted CLI requests.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Weaknesses (CWE)

CWE-78

Affected Products (5)

fortinet · fortisiem (up to 6.7.10)vulnerable

fortinet · fortisiem (up to 7.0.4)vulnerable

fortinet · fortisiem (up to 7.1.8)vulnerable

fortinet · fortisiem (up to 7.2.6)vulnerable

fortinet · fortisiem (up to 7.3.2)vulnerable

References (4)

https://fortiguard.fortinet.com/psirt/FG-IR-25-152

Vendor Advisory

https://www.theregister.com/2025/08/13/fortinet_discloses_critical_bug/

Third Party Advisory

https://github.com/watchtowrlabs/watchTowr-vs-FortiSIEM-CVE-2025-25256

https://labs.watchtowr.com/should-security-solutions-be-secure-maybe-were-all-wrong-fortinet-fortisiem-pre-auth-command-injection-cve-2025-25256/

KEV Catalog EPSS Scores Vendors All CVEs