Critical Severity Vulnerability
This vulnerability has been rated as Critical severity. Immediate action is recommended.
CVE-2025-64155
Critical
Low
Medium
High
Critical
9.8
CVSS Score
Published: Jan 13, 2026
Last Modified: Jan 14, 2026
Vulnerability Description
An improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet FortiSIEM 7.4.0, FortiSIEM 7.3.0 through 7.3.4, FortiSIEM 7.1.0 through 7.1.8, FortiSIEM 7.0.0 through 7.0.4, FortiSIEM 6.7.0 through 6.7.10 may allow an attacker to execute unauthorized code or commands via crafted TCP requests.
CVSS Metrics
Common Vulnerability Scoring System
Vector String:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
N
Attack Complexity
L
Privileges Required
N
User Interaction
N
Scope
U
Confidentiality
H
Integrity
H
Availability
H
Known Affected Software
1 configuration(s) from 1 vendor(s)
fortisiem
Version:
7.4.0
CPE:
cpe:2.3:a:fortinet:fortisiem:7.4.0:*:*:*:*:*:*:*
This vulnerability affects 1 software configuration(s). Ensure you patch all affected systems.
Severity Details
9.8
out of 10.0
Critical
Key Information
- Published Date
- January 13, 2026
