CVE-2025-25256_CVE-2025-25256

9.8 / 10

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H/RL:X/RC:C

Description

An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in Fortinet FortiSIEM version 7.3.0 through 7.3.1, 7.2.0 through 7.2.5, 7.1.0 through 7.1.7, 7.0.0 through 7.0.3 and before 6.7.9 allows an unauthenticated attacker to execute unauthorized code or commands via crafted CLI requests.

Basic Information

ID CVE-2025-25256

Source fortinet

Published Aug 12, 2025 at 18:59

Modified Aug 13, 2025 at 20:12

Affected Product

Vendor Fortinet

Product FortiSIEM

Version 7.3.0

Affected Versions Fortinet FortiSIEM 7.3.0
Fortinet FortiSIEM 7.2.0
Fortinet FortiSIEM 7.1.0
Fortinet FortiSIEM 7.0.0
Fortinet FortiSIEM 6.7.0
Fortinet FortiSIEM 6.6.0
Fortinet FortiSIEM 6.5.0
Fortinet FortiSIEM 6.4.0
Fortinet FortiSIEM 6.3.0
Fortinet FortiSIEM 6.2.0
Fortinet FortiSIEM 6.1.0
Fortinet FortiSIEM 5.4.0

CWE Classification

CWE-78

References

fortiguard.fortinet.com /psirt/FG-IR-25-152

{
    "lastseen": "",
    "description": "An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in Fortinet FortiSIEM version 7.3.0 through 7.3.1, 7.2.0 through 7.2.5, 7.1.0 through 7.1.7, 7.0.0 through 7.0.3 and before 6.7.9 allows an unauthenticated attacker to execute unauthorized code or commands via crafted CLI requests.",
    "published": "2025-08-12T18:59:14.863Z",
    "modified": "2025-08-13T20:12:32.941Z",
    "type": "cve",
    "title": "CVE-2025-25256",
    "source": "fortinet",
    "references": "https://fortiguard.fortinet.com/psirt/FG-IR-25-152",
    "id": "CVE-2025-25256",
    "bulletinFamily": "",
    "cwe": [
        "CWE-78"
    ],
    "cvelist": null,
    "sourceData": "Fortinet FortiSIEM 7.3.0\nFortinet FortiSIEM 7.2.0\nFortinet FortiSIEM 7.1.0\nFortinet FortiSIEM 7.0.0\nFortinet FortiSIEM 6.7.0\nFortinet FortiSIEM 6.6.0\nFortinet FortiSIEM 6.5.0\nFortinet FortiSIEM 6.4.0\nFortinet FortiSIEM 6.3.0\nFortinet FortiSIEM 6.2.0\nFortinet FortiSIEM 6.1.0\nFortinet FortiSIEM 5.4.0",
    "sourceHref": "",
    "cvss": {
        "score": 9.8,
        "severity": "CRITICAL",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H/RL:X/RC:C",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "FortiSIEM",
    "version": "7.3.0",
    "vendor": "Fortinet",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}