CVE-2025-25256

Published Aug 12, 2025

Last updated a day ago

Overview

AI description

Automated description summarized from trusted sources.

CVE-2025-25256 is an OS command injection vulnerability affecting Fortinet FortiSIEM versions 7.3.0 through 7.3.1, 7.2.0 through 7.2.5, 7.1.0 through 7.1.7, 7.0.0 through 7.0.3 and before 6.7.9. The vulnerability stems from improper neutralization of special elements within command-line interface (CLI) requests. This vulnerability allows an unauthenticated attacker to execute unauthorized code or commands on vulnerable devices by sending specially crafted CLI requests. Exploit code has been found in the wild, and successful exploitation may not produce distinctive indicators of compromise (IoCs), making it difficult to detect.

Description

An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in Fortinet FortiSIEM version 7.3.0 through 7.3.1, 7.2.0 through 7.2.5, 7.1.0 through 7.1.7, 7.0.0 through 7.0.3 and before 6.7.9 allows an unauthenticated attacker to execute unauthorized code or commands via crafted CLI requests.

Source: psirt@fortinet.com
NVD status: Modified
Products: fortisiem

Risk scores

CVSS 3.1

Type: Secondary
Base score: 9.8
Impact score: 5.9
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity: CRITICAL

Weaknesses

psirt@fortinet.com: CWE-78

Social media

Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.

Hype score: 25

  1. 🚨💥 CVE ALERT – FortiSIEM under active attack CVE-2025-25256 → Pre-auth RCE (CVSS 9.8) in FortiSIEM 5.4–7.3.1. ⚠️ Exploit code already in the wild. Targets: gov, enterprises, MSSPs. 🛡 Fix: Upgrade to 7.3.2 / 7.2.6 / 7.1.8 / 7.0.4 / 6.7.10 🚫 Or block phMon

    @Newtalics

    16 Aug 2025

    17 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  2. 🚨 Rising Exploitation of #CVE-2025-25256: FortiSIEM phMonitor Under Attack https://t.co/9CmMITWF4v Educational Purposes!

    @UndercodeUpdate

    16 Aug 2025

    0 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. 🚨 Fortinet FortiSIEM Command Injection Vulnerability (CVE-2025-25256) - Technical Details Revealed Read more: https://t.co/9Jwhc81kTz A comprehensive technical analysis of a critical pre-authentication command injection vulnerability affecting Fortinet FortiSIEM systems, ht

    @The_Cyber_News

    16 Aug 2025

    41 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  4. GitHub - watchtowrlabs/watchTowr-vs-FortiSIEM-CVE-2025-25256 - https://t.co/ToahHIalkJ

    @piedpiper1616

    16 Aug 2025

    957 Impressions

    4 Retweets

    12 Likes

    3 Bookmarks

    0 Replies

    0 Quotes

  5. Should Security Solutions Be Secure? Maybe We're All Wrong - Fortinet FortiSIEM Pre-Auth Command Injection (CVE-2025-25256) - watchTowr Labs https://t.co/pVRox4ai4p https://t.co/R6tRnN4MfA

    @secharvesterx

    15 Aug 2025

    80 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  6. Should Security Solutions Be Secure? Maybe We're All Wrong - Fortinet FortiSIEM Pre-Auth Command Injection (CVE-2025-25256) - watchTowr Labs https://t.co/qWyXLnN4DE

    @_r_netsec

    15 Aug 2025

    701 Impressions

    0 Retweets

    1 Like

    1 Bookmark

    0 Replies

    0 Quotes

  7. Should security solutions be secure? We're beginning to feel wrong. Enjoy some unscheduled programming - our analysis of CVE-2025-25256, a pre-auth Command Injection in Fortinet's FortiSIEM https://t.co/xr9m8lkgzH

    @watchtowrcyber

    15 Aug 2025

    11916 Impressions

    31 Retweets

    89 Likes

    33 Bookmarks

    3 Replies

    2 Quotes

  8. 🚨 Urgent Fortinet alert: Critical FortiSIEM vulnerability (CVE-2025-25256) is being actively exploited in the wild! Patch now to protect your systems from this severe threat. #Fortinet #CyberSecurity https://t.co/bU3GoIFHm8

    @xcybersecnews

    15 Aug 2025

    7 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  9. Urgent: The critical vulnerability CVE-2025-25256 in FortiSIEM exposes systems to OS command injection! Fortinet recommends an immediate update. Do you have measures in place to protect your infrastructure? #CyberSécurité #Fortinet #CyberSécuri

    @CyberSentinelle

    15 Aug 2025

    13 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  10. Fortinet Warns About FortiSIEM Vulnerability (CVE-2025-25256) With In-the-Wild Exploit Code #CISO https://t.co/b0pWRgsU5K https://t.co/oWmHhelgCk

    @compuchris

    15 Aug 2025

    26 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  11. CVE-2025-25256 FortiSIEM Vulnerability with in-the-wild exploit code https://t.co/fuWcIog9fb https://t.co/bdehMg6pXr

    @ChaosMonkie

    14 Aug 2025

    38 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  12. 🔴 ALERT | Critical vulnerability in #FortiSIEM (CVE-2025-25256, CVSS 9.8) actively exploited. 💡 Fortinet recommends: ✅ Update ✅ Restrict access to port 7900 At Compunet we help you mitigate risks. #Ciberseguridad #Fortinet https://t.co/7Olp3cSrQG

    @CompunetChile

    14 Aug 2025

    37 Impressions

    1 Retweet

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  13. CVE-2025-25256: Proof of Concept Released for Critical Fortinet FortiSIEM Command Injection Vulnerability https://t.co/UiYCrHfayu https://t.co/dTlJk754OG

    @EAlexStark

    14 Aug 2025

    65 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  14. Ignoring critical vulnerabilities could lead to disaster. CVE-2025-25256, a pre-authentication RCE flaw in Fortinet FortiSIEM, is exploited with a staggering CVSS score of 9.6. https://t.co/jVpSasfOl7

    @The4n6Analyst

    14 Aug 2025

    36 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  15. CVE-2025-25256: Proof of Concept Released for Critical Fortinet FortiSIEM Command Injection Vulnerability https://t.co/AAg23iBDwW https://t.co/MRrw70Sz1D

    @secured_cyber

    14 Aug 2025

    43 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  16. "Fortinet is aware that CVE-2025-25256 has been exploited in the wild." https://t.co/ZWZBSVUXbc

    @CheddarB0b42

    14 Aug 2025

    289 Impressions

    0 Retweets

    9 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  17. CVE-2025-25256: Proof of Concept Released for Critical Fortinet FortiSIEM Command Injection Vulnerability https://t.co/nLszSwZ6Ne https://t.co/gzZypriTF8

    @Trej0Jass

    14 Aug 2025

    34 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  18. $FTNT: Added to the list Recently, the FortiSIEM platform discovered a critical vulnerability (CVSS score 9.8) named CVE-2025-25256 and has been exploited in real-world code. Get entry and stop-loss levels 👇👇👇 🔗 https://t.co/kXiQS48jRf🚀🚀🚀 https://t.co/bDXyso

    @Cathy4801896821

    14 Aug 2025

    76 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  19. Breaking: Fortinet has released patches for a critical OS command injection flaw in FortiSIEM (CVE-2025-25256, CVSS 9.8) after exploit code surfaced in the wild. Affected versions: 5.4–7.3.1. Patch now or restrict port 7900 access. #infosec #cybersecurity https://t.co/mplnc5ddi

    @BreachNet

    14 Aug 2025

    1 Impression

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  20. Security warning: possible exploitation and a critical vulnerability in FortiSIEM (CVE-2025-25256) Date: 13 August 2025 • A critical vulnerability (CVE‑2025‑25256) in the FortiSIEM platform allows remote execution of operating system commands

    @AlshukrIM47mouD

    14 Aug 2025

    4 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  21. Serious vulnerability in FortiSIEM, actual exploitation also confirmed (CVE-2025-25256) #セキュリティ対策Lab #セキュリティ #Security https://t.co/EHRgh6H7zC

    @securityLab_jp

    14 Aug 2025

    94 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  22. Fortinet warns of a critical command injection vulnerability, CVE-2025-25256, affecting versions 5.4 to 7.3. Exploits exist in the wild. Upgrade to versions 7.3.2 or newer; a partial workaround is available. #Security https://t.co/yVKp9O60dD

    @Strivehawk

    13 Aug 2025

    68 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  23. A CERT-EU advisory says the critical vulnerability CVE-2025-25256 in FortiSIEM is actually being exploited. https://t.co/CP2V5KU62w

    @__kokumoto

    13 Aug 2025

    76 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    1 Quote

  24. Fortinet patches critical OS command injection flaw (CVE-2025-25256) in FortiSIEM versions 6.1 to 7.3.1 amid active exploitation and brute-force attacks targeting SSL VPNs and FortiManager devices. #FortiSIEM #FortinetPatch #InfoSec https://t.co/RthLVCJxNd

    @TweetThreatNews

    13 Aug 2025

    42 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  25. 🚨CVE-2025-25256: Fortinet FortiSIEM OS Command Injection Vulnerability, Exploit in the Wild https://t.co/I0uiSNEFZZ https://t.co/N0nk32SrnO

    @DarkWebInformer

    13 Aug 2025

    6407 Impressions

    14 Retweets

    54 Likes

    10 Bookmarks

    0 Replies

    0 Quotes

  26. A critical vulnerability (CVE-2025-25256) in Fortinet's FortiSIEM allows unauthenticated attackers to execute arbitrary commands remotely via the phMonitor port 7900. Active exploitation has been confirmed, with no distinctive IoCs. https://t.co/Th7OBDqJzv

    @securityRSS

    13 Aug 2025

    25 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  27. Fortinet is alerting its customers to a critical security flaw in FortiSIEM for which, it says, an exploit is available. CVE-2025-25256 #2025 #Infosec #BT https://t.co/jYRwq4dpnr https://t.co/Szbd9IulTW

    @BrierandThornMX

    13 Aug 2025

    1 Impression

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  28. Fortinet is warning its customers about a critical security vulnerability in FortiSIEM (CVE-2025-25256). This vulnerability, for which exploit code is actively being used in the wild, has a high CVSS score of 9.8 out of 10. https://t.co/uDo6rsyKC6

    @et2mas

    13 Aug 2025

    48 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  29. On 8/12/2025, Fortinet released patches for a critical vulnerability impacting FortiSIEM appliances. CVE-2025-25256 (CVSS 9.8) is a remote unauthenticated command injection vulnerability that could allow unauthenticated attackers to perform OS code injection. https://t.co/Mi5

    @BlackpointUS

    13 Aug 2025

    90 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  30. 🛡️ FortiSIEM has a new critical vulnerability Fortinet warned about CVE-2025-25256. It is a command injection flaw in FortiSIEM that allows unauthenticated attackers to execute code or commands with crafted CLI requests. The exploit is already circulating in the

    @CycuraMX

    13 Aug 2025

    2520 Impressions

    15 Retweets

    47 Likes

    11 Bookmarks

    0 Replies

    0 Quotes

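  31. CVE-2025-25256 is an unauthenticated OS command injection vulnerability in FortiSIEM, with the risk that arbitrary code or commands are executed via crafted CLI requests. Fortinet, regarding the fact that exploit code is actually circulating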

    @yousukezan

    13 Aug 2025

    1712 Impressions

    2 Retweets

    7 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  32. Fortinet Warns About FortiSIEM Vulnerability (CVE-2025-25256) With In-the-Wild Exploit Code https://t.co/9sDq6ZF7qK

    @Dinosn

    13 Aug 2025

    2402 Impressions

    5 Retweets

    22 Likes

    8 Bookmarks

    0 Replies

    0 Quotes

  33. Fortinet Warns About FortiSIEM Vulnerability (CVE-2025-25256) With In-the-Wild Exploit Code https://t.co/cQrIOWjyPg https://t.co/zJx5urHAvW

    @RigneySec

    13 Aug 2025

    33 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  34. The Hacker News - Fortinet Warns About FortiSIEM Vulnerability (CVE-2025-25256) With In-the-Wild Exploit Code https://t.co/Czd8skJjGQ

    @buzz_sec

    13 Aug 2025

    34 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  35. Fortinet warns about FortiSIEM vulnerability with in-the-wild exploit code (CVE-2025-25256) https://t.co/P8ShPmbRFr #HelpNetSecurity #Cybersecurity https://t.co/qxT4ItloTI

    @PoseidonTPA

    13 Aug 2025

    4 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  36. CVE-2025-25256 An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in Fortinet FortiSIEM version 7.3.0 through 7.3.1… https://t.co/UZFpCM3pL7

    @CVEnew

    13 Aug 2025

    371 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  37. FortiSIEM CVE-2025-25256 (CVSS 9.8): Remote Unauthenticated Command Injection with Exploit in the Wild https://t.co/0tMgBasY9S "The vulnerability impacts a wide range of FortiSIEM releases:" https://t.co/idjvwTr0EW

    @catnap707

    13 Aug 2025

    464 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    1 Reply

    0 Quotes

  38. oh well… another critical forti vuln? 🟥 CVE-2025-25256, CVSS: 9.8 (#Critical) Fortinet FortiSIEM. OS Command Injection vulnerability. 🚨 Practical exploit code for this vulnerability was found in the wild. Unauthenticated attackers can execute unauthorized code via cr

    @UjlakiMarci

    12 Aug 2025

    1657 Impressions

    9 Retweets

    21 Likes

    5 Bookmarks

    3 Replies

    0 Quotes

Configurations