PT-2026-2484 · Fortinet · Fortisiem

Published: 2026-01-13 · Updated: 2026-01-14 · CVE-2025-64155

CVSS v3.1: 9.8
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Fortinet FortiSIEM versions 6.7.0 through 6.7.10
Fortinet FortiSIEM versions 7.0.0 through 7.0.4
Fortinet FortiSIEM versions 7.1.0 through 7.1.8
Fortinet FortiSIEM versions 7.3.0 through 7.3.4
Fortinet FortiSIEM version 7.4.0

Description

An improper neutralization of special elements used in an OS command ('OS command injection') vulnerability exists in Fortinet FortiSIEM. This issue may allow an attacker to execute unauthorized code or commands via crafted TCP requests. The vulnerability allows unauthenticated argument injection leading to remote code execution as root.

Recommendations

Fortinet FortiSIEM versions 6.7.0 through 6.7.10 should be updated.
Fortinet FortiSIEM versions 7.0.0 through 7.0.4 should be updated.
Fortinet FortiSIEM versions 7.1.0 through 7.1.8 should be updated.
Fortinet FortiSIEM versions 7.3.0 through 7.3.4 should be updated.
Fortinet FortiSIEM version 7.4.0 should be updated.

Exploit

Fix

RCE

OS Command Injection

Weakness Enumeration

Related Identifiers

CVE-2025-64155

Affected Products

Fortisiem