OS Command Injection Vulnerability in Fortinet FortiSIEM
CVE-2025-25256

9.8 CRITICAL

Key Information:

Vendor: Fortinet

Status
Vendor
CVE Published: 12 August 2025

Badges

📈 Score: 1,350 | 👾 Exploit Exists | 🟣 EPSS 18% | 📰 News Worthy

What is CVE-2025-25256?

CVE-2025-25256 describes a critical vulnerability in Fortinet's FortiSIEM, a security information and event management (SIEM) solution designed to provide organization-wide visibility and threat detection. The vulnerability stems from improper handling of special characters within operating system commands (OS command injection), allowing unauthenticated attackers to execute arbitrary code through maliciously crafted command-line interface (CLI) requests. The affected versions are FortiSIEM 7.3.0 to 7.3.1, 7.2.0 to 7.2.5, 7.1.0 to 7.1.7, and 7.0.0 to 7.0.3, as well as versions prior to 6.7.9. If exploited, this vulnerability could severely undermine the security posture of organizations relying on FortiSIEM for monitoring and managing their IT environments.

Potential impact of CVE-2025-25256

  1. Unauthorized Code Execution: Attackers can exploit this vulnerability to execute unauthorized commands on the affected system, potentially gaining full control over the SIEM infrastructure and altering or exfiltrating sensitive data.

  2. Increased Risk of Data Breaches: The ability to execute arbitrary code can lead to data leaks or breaches, as attackers can manipulate system processes to access confidential information and sensitive logs that are critical to an organization’s security operations.

  3. Compromise of Security Operations: Because FortiSIEM serves as a central hub for security monitoring and response, successful exploitation can disrupt incident detection and response capabilities. This can create blind spots in an organization’s security coverage, allowing additional threats to remain undetected.

Affected Version(s)

FortiSIEM 7.3.0 <= 7.3.1

FortiSIEM 7.2.0 <= 7.2.5

FortiSIEM 7.1.0 <= 7.1.7

News Articles

Fortinet warns of FortiSIEM pre-auth RCE flaw with exploit in the wild

Fortinet is warning about a remote unauthenticated command injection flaw in FortiSIEM that has in-the-wild exploit code, making it critical for admins to apply the latest security updates.

3 weeks ago

Fortinet Warns About FortiSIEM Vulnerability (CVE-2025-25256) With In-the-Wild Exploit Code

CVE-2025-25256 in FortiSIEM scored 9.8 CVSS; active exploit found, prompting urgent patching.

3 weeks ago

EPSS Score

18% chance of being exploited in the next 30 days.

CVSS V3.1

Score: 9.8
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • 👾 Exploit known to exist

  • 📰 First article discovered by The Hacker News

  • Vulnerability published

  • Vulnerability Reserved
