Command Injection Vulnerability in Fortinet FortiSIEM Products
CVE-2025-64155
What is CVE-2025-64155?
CVE-2025-64155 is a command injection vulnerability in Fortinet's FortiSIEM product line, affecting versions including FortiSIEM 7.4.0, 7.3.0 through 7.3.4, 7.1.0 through 7.1.8, 7.0.0 through 7.0.4, and 6.7.0 through 6.7.10. FortiSIEM is a security information and event management (SIEM) solution that provides security monitoring and management capabilities. The vulnerability arises from insufficient sanitization of input, which allows attackers to inject and execute unauthorized commands through specially crafted TCP requests. This can compromise system integrity and lead to unauthorized access to, and control over, the FortiSIEM infrastructure, which is critical for monitoring and analyzing security events in an organization's environment.
Potential impact of CVE-2025-64155
- Unauthorized Code Execution: The command injection vulnerability enables attackers to execute arbitrary code on the affected systems, facilitating malicious activities such as data exfiltration, system manipulation, or the installation of malware.
- Compromise of Security Monitoring: As FortiSIEM serves as a central hub for monitoring security events, exploiting this vulnerability could allow attackers to disable security features, tamper with logs, or manipulate alerts, thereby hindering an organization's ability to detect and respond to security incidents effectively.
- Increased Risk of Data Breaches: The ability to remotely execute commands increases the likelihood of unauthorized access to sensitive data, making organizations vulnerable to data breaches and other malicious activities, which could result in regulatory fines and reputational damage.

Affected Version(s)
FortiSIEM 7.4.0
FortiSIEM 7.3.0 through 7.3.4
FortiSIEM 7.2.6
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate that a vulnerability can be exploited. It is also a key component of weaponization, which can lead to ransomware.
News Articles
More Problems for Fortinet: Critical FortiSIEM Flaw Exploited
CVE-2025-64155, a command injection vulnerability, was disclosed earlier this week and quickly came under attack from a variety of IP addresses.
2 weeks ago
PoC exploit for critical FortiSIEM vulnerability released (CVE-2025-64155) - Help Net Security
A critical vulnerability (CVE-2025-64155) in FortiSIEM has now been accompanied by publicly released proof-of-concept (PoC) exploit code.
2 weeks ago
Hackers now exploiting critical Fortinet FortiSIEM flaw in attacks
Attackers are now exploiting a critical Fortinet FortiSIEM vulnerability with publicly available proof-of-concept exploit code.
2 weeks ago
Timeline
- First article discovered by The Hacker News
- Public PoC available
- Exploit known to exist
- Vulnerability published
- Vulnerability Reserved