CVE-2025-64155

CVE Database · CVE-2025-64155

CVE-2025-64155

· CRITICALModified

CVSS v3.1

9.8

EPSS

42.65%

Published

Jan 13, 2026

Modified

Jan 20, 2026

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

An improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet FortiSIEM 7.4.0, FortiSIEM 7.3.0 through 7.3.4, FortiSIEM 7.1.0 through 7.1.8, FortiSIEM 7.0.0 through 7.0.4, FortiSIEM 6.7.0 through 6.7.10 may allow an attacker to execute unauthorized code or commands via crafted TCP requests.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Weaknesses (CWE)

CWE-78

Affected Products (4)

fortinet · fortisiem (up to 7.1.9)vulnerable

fortinet · fortisiem (up to 7.2.7)vulnerable

fortinet · fortisiem (up to 7.3.5)vulnerable

fortinet · fortisiemvulnerable

References (3)

https://fortiguard.fortinet.com/psirt/FG-IR-25-772

Vendor Advisory

https://github.com/horizon3ai/CVE-2025-64155

ExploitThird Party Advisory

https://github.com/purehate/CVE-2025-64155-hunter

KEV Catalog EPSS Scores Vendors All CVEs