CVE 9.4 CRITICAL

CVE-2025-64155_CVE-2025-64155

January 13, 2026 invoker category_cve

9.4 / 10

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H/RL:O/RC:C

Description

An improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet FortiSIEM 7.4.0, FortiSIEM 7.3.0 through 7.3.4, FortiSIEM 7.1.0 through 7.1.8, FortiSIEM 7.0.0 through 7.0.4, FortiSIEM 6.7.0 through 6.7.10 may allow an attacker to execute unauthorized code or commands via crafted TCP requests.

AI Analysis

OS command injection vulnerability allowing execution of unauthorized code or commands

Basic Information

ID CVE-2025-64155

Source fortinet

Published Jan 13, 2026 at 16:32

Affected Product

Vendor Fortinet

Product FortiSIEM

Version 7.4.0

Affected Versions Fortinet FortiSIEM 7.4.0
Fortinet FortiSIEM 7.3.0
Fortinet FortiSIEM 7.2.6
Fortinet FortiSIEM 7.1.8
Fortinet FortiSIEM 7.0.4
Fortinet FortiSIEM 6.7.10

CWE Classification

CWE-78

AI Assessment

AI Score 9.4 / 10

AI Severity Critical

Vendor Fortinet

Product FortiSIEM

Version 7.4.0, 7.3.0-7.3.4, 7.1.0-7.1.8, 7.0.0-7.0.4, 6.7.0-6.7.10

References

fortiguard.fortinet.com /psirt/FG-IR-25-772

{
    "lastseen": "",
    "description": "An improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet FortiSIEM 7.4.0, FortiSIEM 7.3.0 through 7.3.4, FortiSIEM 7.1.0 through 7.1.8, FortiSIEM 7.0.0 through 7.0.4, FortiSIEM 6.7.0 through 6.7.10 may allow an attacker to execute unauthorized code or commands via  crafted TCP requests.",
    "published": "2026-01-13T16:32:28.665Z",
    "modified": "2026-01-13T16:32:28.665Z",
    "type": "cve",
    "title": "CVE-2025-64155",
    "source": "fortinet",
    "references": "https://fortiguard.fortinet.com/psirt/FG-IR-25-772",
    "id": "CVE-2025-64155",
    "bulletinFamily": "",
    "cwe": [
        "CWE-78"
    ],
    "cvelist": null,
    "sourceData": "Fortinet FortiSIEM 7.4.0\nFortinet FortiSIEM 7.3.0\nFortinet FortiSIEM 7.2.6\nFortinet FortiSIEM 7.1.8\nFortinet FortiSIEM 7.0.4\nFortinet FortiSIEM 6.7.10",
    "sourceHref": "",
    "cvss": {
        "score": 9.4,
        "severity": "CRITICAL",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H/RL:O/RC:C",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "FortiSIEM",
    "version": "7.4.0",
    "vendor": "Fortinet",
    "ai_description": "OS command injection vulnerability allowing execution of unauthorized code or commands",
    "ai_severity": "Critical",
    "ai_vendor": "Fortinet",
    "ai_product": "FortiSIEM",
    "ai_version": "7.4.0, 7.3.0-7.3.4, 7.1.0-7.1.8, 7.0.0-7.0.4, 6.7.0-6.7.10",
    "ai_score": 9.4
}

💭 Join the Security Discussion ❌ Cancel Reply