CVE-2025-25256

📊 9.8 CRITICAL | EPSS 40.6% | 🎯 3 exploits
📅 Published Aug 12, 2025
📋 Status: Modified

An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in Fortinet FortiSIEM version 7.3.0 through 7.3.1, 7.2.0 through 7.2.5, 7.1.0 through 7.1.7, 7.0.0 through 7.0.3 and before 6.7.9 allows an unauthenticated attacker to execute unauthorized code or commands via crafted CLI requests.

🎯 Affected Products & Systems

5 product configurations affected

📱 Application | Vulnerable | Version: ≥ 5.4.0 ∧ < 6.7.10 | CPE: cpe:2.3:a:fortinet:fortisiem:*:*:*:*:*:*:*:*
📱 Application | Vulnerable | Version: ≥ 7.0.0 ∧ < 7.0.4 | CPE: cpe:2.3:a:fortinet:fortisiem:*:*:*:*:*:*:*:*
📱 Application | Vulnerable | Version: ≥ 7.1.0 ∧ < 7.1.8 | CPE: cpe:2.3:a:fortinet:fortisiem:*:*:*:*:*:*:*:*
📱 Application | Vulnerable | Version: ≥ 7.2.0 ∧ < 7.2.6 | CPE: cpe:2.3:a:fortinet:fortisiem:*:*:*:*:*:*:*:*
📱 Application | Vulnerable | Version: ≥ 7.3.0 ∧ < 7.3.2 | CPE: cpe:2.3:a:fortinet:fortisiem:*:*:*:*:*:*:*:*
Metrics
9.8 CRITICAL | CVSS v3.1 | [email protected]
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector: NETWORK
Complexity: LOW
Privileges: NONE
User Interaction: NONE
Confidentiality: HIGH
Integrity: HIGH
Availability: HIGH
Scope: UNCHANGED

🔍 Technical Details

Analysis Status: Modified
CVSS Details: 9.8 (CRITICAL), v3.1
EPSS Details: 40.6% (Medium), 97.2th percentile (exploitation probability within 30 days; last updated Oct 31, 2025)
Published Date: Aug 12, 2025 (2 months ago)
Last Modified: Aug 15, 2025 (2 months ago)
Security Weaknesses (1)

Available exploits (3)

References (5)