CVE-2025-64155
Fortinet · FortiSIEM
A critical OS command injection vulnerability in FortiSIEM allows unauthenticated remote attackers to execute unauthorized code via crafted TCP requests.
Executive summary
Fortinet FortiSIEM is vulnerable to a critical OS command injection flaw that enables unauthenticated remote code execution.
Vulnerability
This is an OS command injection vulnerability occurring due to improper neutralization of special elements in TCP requests, allowing unauthenticated attackers to execute arbitrary system commands.
Business impact
The CVSS score of 9.8 reflects the high risk of total system compromise, as this vulnerability allows an attacker to gain full control over the FortiSIEM appliance. Successful exploitation could lead to unauthorized access to sensitive security logs, data exfiltration, and the ability to pivot into the broader corporate network.
Remediation
Immediate Action: Upgrade all affected instances of FortiSIEM to the vendor-recommended patched release immediately.
Proactive Monitoring: Monitor network traffic for anomalous TCP traffic patterns directed at the FortiSIEM appliance and audit system logs for unauthorized command execution.
Compensating Controls: Implement strict network segmentation and utilize a Web Application Firewall (WAF) or Intrusion Prevention System (IPS) to block malformed TCP requests.
Exploitation status
Public Exploit Available: Unknown
Analyst recommendation
Given the critical severity of this vulnerability, organizations should prioritize patching as an immediate business necessity. Failure to remediate this flaw exposes the enterprise to significant risk of complete system takeover and potential lateral movement within the network.