CVE-2025-25256

Critical CVSS: 9.8

An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in Fortinet FortiSIEM version 7.3.0 through 7.3.1, 7.2.0 through 7.2.5, 7.1.0 through 7.1.7, 7.0.0 through 7.0.3 and before 6.7.9 allows an unauthenticated attacker to execute unauthorized code or commands via crafted CLI requests.

Vendor

Fortinet

Product

Fortisiem

CWE

CWE-78

Yayın Tarihi

2025-08-12 19:15:28

Güncelleme

2025-08-15 18:15:27

Source Identifier

psirt@fortinet.com

KEV Date Added

Kategoriler

CWE-78 Fortisiem CRITICAL Fortinet 2025

Referanslar

https://fortiguard.fortinet.com/psirt/FG-IR-25-152 https://www.theregister.com/2025/08/13/fortinet_discloses_critical_bug/ https://github.com/watchtowrlabs/watchTowr-vs-FortiSIEM-CVE-2025-25256 https://labs.watchtowr.com/should-security-solutions-be-secure-maybe-were-all-wrong-fortinet-fortisiem-pre-auth-command-injection-cve-2025-25256/

Benzer Kayıtlar

Critical

CVE-2026-35616

A improper access control vulnerability in Fortinet FortiClientEMS 7.4.5 through 7.4.6 may allow an unauthenticated atta…

Medium

CVE-2026-30897

A stack-based buffer overflow vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.3, FortiWeb 7.6.0 through 7.6.6, Fort…

High

CVE-2026-25836

An improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet…

Medium

CVE-2026-25972

An improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Fortinet FortiS…

Medium

CVE-2026-25689

An improper neutralization of argument delimiters in a command ('argument injection') vulnerability in Fortinet FortiDec…

Medium

CVE-2026-24640

A Stack-based Buffer Overflow vulnerability [CWE-121] vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.2, FortiWeb 7…