AI description
CVE-2025-64155 is an OS Command Injection vulnerability affecting Fortinet FortiSIEM's Super and Worker nodes. This flaw allows an unauthenticated attacker to execute unauthorized code or commands by sending specially crafted TCP requests. The vulnerability resides within the phMonitor service, which operates on TCP port 7900 and is responsible for inter-node communication and data exchange within FortiSIEM deployments. Exploitation of CVE-2025-64155 stems from improper neutralization of user-supplied input to an unauthenticated API endpoint exposed by the phMonitor service. This can lead to arbitrary file writes and, subsequently, privilege escalation to gain full administrative control and root access on the affected appliance. Fortinet has released patches to address this issue, and a recommended workaround involves limiting access to the phMonitor port (7900).
- Description: An improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet FortiSIEM 7.4.0, FortiSIEM 7.3.0 through 7.3.4, FortiSIEM 7.1.0 through 7.1.8, FortiSIEM 7.0.0 through 7.0.4, FortiSIEM 6.7.0 through 6.7.10 may allow an attacker to execute unauthorized code or commands via crafted TCP requests.
- Source: psirt@fortinet.com
- NVD status: Analyzed
- Products: fortisiem
CVSS 3.1
- Type: Secondary
- Base score: 9.8
- Impact score: 5.9
- Exploitability score: 3.9
- Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity: CRITICAL
- psirt@fortinet.com: CWE-78
Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.
- Hype score: 26
🚨 CVE-2025-64155 | Fortinet FortiSIEM Critical unauthenticated OS command injection in FortiSIEM 6.7–7.4 via crafted TCP requests. Remote attackers can run arbitrary commands. CVSS 9.4 | Public PoC | No patch yet 👉https://t.co/pRHaR7hWET https://t.co/0aHrkjIFYw
@rapidriskradar
15 Jan 2026
35 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨Critical alert from Canadian Cyber Centre: Fortinet just patched a 9.4 CVSS unauthenticated RCE in FortiSIEM. CVE-2025-64155 lets attackers execute commands via crafted TCP requests, no auth needed. Your SIEM is supposed to protect you. Now it's a critical attack vector.
@Sakurity324
14 Jan 2026
51 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
How CVE-2025-64155 Allows Attackers to Pivot from FortiSIEM to Your Entire Enterprise Read the full report on - https://t.co/9DguVmh21w https://t.co/HPKGX4uuzY
@Iambivash007
14 Jan 2026
6 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Critical FortiSIEM Vulnerability (CVE-2025-64155) Enable Full RCE and Root Compromise https://t.co/yFyTZwVqko In August 2025, Fortinet issued an advisory for CVE-2025-25256, an OS command injection vulnerability (CWE-78) in FortiSIEM that exposed the platform to unauthenticated
@f1tym1
14 Jan 2026
5 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Fortinet just released emergency updates to fix a critical FortiSIEM vulnerability (CVE-2025-64155) that could let unauthenticated attackers execute code remotely. Read more here: https://t.co/lQMXCjj3Kf https://t.co/gDw5N0VsdQ
@0xNanorisk
14 Jan 2026
48 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨Fortinet FortiSIEM CVE-2025-64155 (unauth remote command injection vulnerability) is now being actively exploited 38.180.81.238 AS 29802 🇺🇸 ( HVC-AS ) VirusTotal detections 0/93 🟢 Reverse DNS ynjgurdjcgomooq[.]newcollegehouse[.]com Monitor FortiSIEM exploitation
@DefusedCyber
14 Jan 2026
3676 Impressions
8 Retweets
19 Likes
8 Bookmarks
1 Reply
1 Quote
Critical Vulnerability Alert Fortinet has fixed a FortiSIEM RCE flaw allowing unauthenticated code execution (CVE-2025-64155, CVSS 9.4). Patch immediately or restrict access to port 7900. #CyberSecurity #Fortinet #VulnerabilityAlert https://t.co/wFdr4P7fRN
@CloneSystemsInc
14 Jan 2026
72 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Critical FortiSIEM RCE flaw fixed! 🚨 Unauthenticated attackers could exploit CVE-2025-64155 (CVSS 9.4). Update NOW! https://t.co/JEtxPvIv9C #Fortinet #RCE #CyberSecurity #PatchNow
@0xT3chn0m4nc3r
14 Jan 2026
13 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 CVE-2025-64155: Critical unauthenticated OS command injection in Fortinet FortiSIEM which may allow an unauthenticated attacker to execute unauthorised code or commands via crafted TCP requests I've created a vulnerability detection script here: https://t.co/anXlRwBopR http
@rxerium
14 Jan 2026
8427 Impressions
32 Retweets
130 Likes
39 Bookmarks
2 Replies
4 Quotes
🚨 Fortinet Patches Critical FortiFone & FortiSIEM Flaws Enabling Config Leak and Unauthenticated RCE Fortinet fixed two critical bugs: CVE-2025-64155 (FortiSIEM OS command injection, CVSS 9.4) enabling unauthenticated remote code/command execution via crafted TCP requests,
@ThreatSynop
14 Jan 2026
59 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 We are warning about critical and high-severity vulnerabilities in the Fortinet products FortiSIEM, FortiFone Web Portal, FortiOS, FortiSwitchManager, FortiSASE, CVE-2025-64155, CVE-2025-47855 and CVE-2025-25249. These vulnerabilities include unauthenticated remote execution
@GOVCERT_CZ
14 Jan 2026
829 Impressions
3 Retweets
4 Likes
2 Bookmarks
0 Replies
1 Quote
🚨 CVE-2025-64155 (CVSS 9.4): Fortinet FortiSIEM Command Execution An improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet FortiSIEM 7.4.0, FortiSIEM 7.3.0 through 7.3.4, FortiSIEM 7.1.0 through 7.1.8, FortiSIEM h
@zoomeye_team
14 Jan 2026
2481 Impressions
9 Retweets
39 Likes
6 Bookmarks
0 Replies
1 Quote
🚨Alert🚨 CVE-2025-64155 : Fortinet FortiSIEM Argument Injection to Remote Code Execution. 🧐Deep Dive :https://t.co/KhBOGPtBAl 📊 61K Services are found on the https://t.co/ysWb28BTvF yearly. 🔗Hunter Link:https://t.co/Ut94FpQC0E 👇Query HUNTER : https://t.co/iA3dRAL
@HunterMapping
14 Jan 2026
2210 Impressions
20 Retweets
42 Likes
11 Bookmarks
1 Reply
0 Quotes
🚨Alert🚨 CVE-2025-64155 : Fortinet FortiSIEM Argument Injection to Remote Code Execution. 🧐Deep Dive :https://t.co/KhBOGPtBAl 📊 61K Services are found on the https://t.co/ysWb28BTvF yearly. 🔗Hunter Link:https://t.co/Ut94FpQC0E 👇Query HUNTER : https://t.co/gL7hYRZ
@HunterMapping
14 Jan 2026
78 Impressions
0 Retweets
2 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 @Horizon3Attack has disclosed a new FortiSIEM vulnerability chain leading to full appliance compromise, tracked as CVE-2025-64155. We’ve also released a Rapid Response test, allowing you to identify exploitable FortiSIEM instances, apply mitigations, and re-run testing t
@Horizon3ai
13 Jan 2026
201 Impressions
0 Retweets
2 Likes
0 Bookmarks
1 Reply
0 Quotes
⚠️ A critical vulnerability affecting Fortinet FortiSIEM (CVE-2025-64155) has been disclosed - allowing unauthenticated attacker to remotely inject arguments, leading to root remote code execution We have added a FortiSIEM honeypot intel stream into Defused TF 🍯 👉 htt
@DefusedCyber
13 Jan 2026
8500 Impressions
12 Retweets
55 Likes
20 Bookmarks
1 Reply
1 Quote
CVE-2025-64155: 3 Years of Remotely Rooting the Fortinet FortiSIEM https://t.co/S5e4jaF7P5 https://t.co/I1XPO6vbFl
@secharvesterx
13 Jan 2026
125 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
[CVE-2025-64155: CRITICAL] Fortinet FortiSIEM is vulnerable to OS command injection flaw, potentially enabling attackers to execute unauthorized code via manipulated TCP requests.#cve,CVE-2025-64155,#cybersecurity https://t.co/eXEk7sV7pD https://t.co/gzIlvoFlgY
@CveFindCom
13 Jan 2026
93 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🔴 CVE-2025-64155 - Critical An improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet FortiSIEM 7.4.0, FortiSIEM 7.3.0 through 7.3.4, FortiSIEM 7.1.0 thr... https://t.co/mAQFPpL8R1 https://t.co/yv8QZsqtd4
@TheHackerWire
13 Jan 2026
69 Impressions
0 Retweets
3 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-64155 An improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet FortiSIEM 7.4.0, FortiSIEM 7.3.0 through 7.3.4… https://t.co/YAGPemNCjM
@CVEnew
13 Jan 2026
183 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:fortinet:fortisiem:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "409EC360-68C2-4098-AC99-8310913D8EC0",
            "versionEndExcluding": "7.1.9",
            "versionStartIncluding": "6.7.0"
          },
          {
            "criteria": "cpe:2.3:a:fortinet:fortisiem:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2A8C7360-73D5-4629-B1C3-47B6C7AD9678",
            "versionEndExcluding": "7.2.7",
            "versionStartIncluding": "7.2.0"
          },
          {
            "criteria": "cpe:2.3:a:fortinet:fortisiem:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C41BBF42-F97A-4358-ADB6-9762BD8F3CAE",
            "versionEndExcluding": "7.3.5",
            "versionStartIncluding": "7.3.0"
          },
          {
            "criteria": "cpe:2.3:a:fortinet:fortisiem:7.4.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "500DAB25-48C9-48C7-B7CD-92C06989F039"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]