Unrated severityNVD Advisory· Published Jan 13, 2026· Updated Feb 26, 2026
CVE-2025-64155
CVE-2025-64155
Description
An improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet FortiSIEM 7.4.0, FortiSIEM 7.3.0 through 7.3.4, FortiSIEM 7.1.0 through 7.1.8, FortiSIEM 7.0.0 through 7.0.4, FortiSIEM 6.7.0 through 6.7.10 may allow an attacker to execute unauthorized code or commands via crafted TCP requests.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2Patches
Vulnerability mechanics
References
1News mentions
1- Risky Business #821 -- Wiz researchers could have owned every AWS customerRisky Business · Jan 21, 2026