An improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet FortiSIEM 7.4.0, FortiSIEM 7.3.0 through 7.3.4, FortiSIEM 7.1.0 through 7.1.8, F

Description

An improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet FortiSIEM 7.4.0, FortiSIEM 7.3.0 through 7.3.4, FortiSIEM 7.1.0 through 7.1.8, FortiSIEM 7.0.0 through 7.0.4, FortiSIEM 6.7.0 through 6.7.10 may allow an attacker to execute unauthorized code or commands via crafted TCP requests.

Affected Products

Vendor	Product	Versions
fortinet	fortisiem	< 7.1.9, < 7.2.7, < 7.3.5

References

https://fortiguard.fortinet.com/psirt/FG-IR-25-772(Vendor Advisory)
https://github.com/horizon3ai/CVE-2025-64155(Exploit, Third Party Advisory)
https://github.com/purehate/CVE-2025-64155-hunter

CVSS 3.19.8 CRITICAL

VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA KEV❌ No

Actively exploited❌ No

Patch available

7.1.97.2.77.3.5

CWECWE-78

PublishedJan 13, 2026

Last enriched2d ago

Trending Score0

Source articles0

Independent0

Info Completeness9/14

Missing: epss, kev, exploit, iocs, mitre_attack

An improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet FortiSIEM 7.4.0, FortiSIEM 7.3.0 through 7.3.4, FortiSIEM 7.1.0 through 7.1.8, F

Description

Affected Products

References

Community Vote

Related CVEs (5)

Pin to Dashboard

Verification

Vulnerability Timeline