CVE-2025-25256

9.8

CRITICAL

Fortinet FortiSIEM OS Command Injection

Description

An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in Fortinet FortiSIEM version 7.3.0 through 7.3.1, 7.2.0 through 7.2.5, 7.1.0 through 7.1.7, 7.0.0 through 7.0.3 and before 6.7.9 allows an unauthenticated attacker to execute unauthorized code or commands via crafted CLI requests.

INFO

Published Date :

Aug. 12, 2025, 7:15 p.m.

Last Modified :

Aug. 12, 2025, 7:15 p.m.

Source :

[email protected]

Remotely Exploitable :

Yes !

Impact Score :

5.9

Exploitability Score :

3.9

Affected Products

The following products are affected by CVE-2025-25256 vulnerability. Even if cvefeed.io is aware of the exact versions of the products that are affected, the information is not represented in the table below.

ID	Vendor	Product	Action
1	Fortinet	fortisiem

: Total Affected Vendor : 1 | Products : 1

References to Advisories, Solutions, and Tools

Here, you will find a curated list of external links that provide in-depth information, practical solutions, and valuable tools related to CVE-2025-25256.

URL	Resource
https://fortiguard.fortinet.com/psirt/FG-IR-25-152

We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).

Results are limited to the first 15 repositories due to potential performance issues.

The following list is the news that have been mention CVE-2025-25256 vulnerability anywhere in the article.

Help Net Security

Microsoft fixes “BadSuccessor” Kerberos vulnerability (CVE-2025-53779)

For August 2025 Patch Tuesday, Microsoft has released security updates resolving 100+ security vulnerabilities in its various solutions, including a relative path traversal flaw in Windows Kerberos (C ...

Published Date: Aug 13, 2025 (1 hour, 31 minutes ago)

CVE-2025-25256 CVE-2025-53779 CVE-2025-53778 CVE-2025-53766 CVE-2025-53740 CVE-2025-53731 CVE-2025-49712 CVE-2025-53786 CVE-2025-53771 CVE-2025-53770

The Hacker News

Fortinet Warns About FortiSIEM Vulnerability (CVE-2025-25256) With In-the-Wild Exploit Code

Aug 13, 2025Ravie LakshmananVulnerability / Network Security Fortinet is alerting customers of a critical security flaw in FortiSIEM for which it said there exists an exploit in the wild. The vulner ...

Published Date: Aug 13, 2025 (1 hour, 59 minutes ago)

CVE-2025-25256

Help Net Security

Fortinet warns about FortiSIEM vulnerability with in-the-wild exploit code (CVE-2025-25256)

Fortinet has released patches for a critical OS command injection vulnerability (CVE-2025-25256) in FortiSIEM, after practical exploit code surfaced in the wild. About CVE-2025-25256 FortiSIEM is a se ...

Published Date: Aug 13, 2025 (3 hours, 53 minutes ago)

CVE-2025-25256 CVE-2024-23108 CVE-2023-34992

CybersecurityNews

Critical FortiSIEM Vulnerability Lets Attackers Execute Malicious Commands – PoC Found in the Wild

A critical security vulnerability in the Fortinet FortiSIEM platform allows unauthenticated attackers to execute arbitrary commands remotely. The vulnerability CVE-2025-25256, classified as CWE-78 (OS ...

Published Date: Aug 13, 2025 (7 hours, 51 minutes ago)

CVE-2025-25256

Daily CyberSecurity

Chrome Stable Update 139 Blocks High-Severity Exploits in V8, libaom, and ANGLE

Google has rolled out a Stable Channel update for desktop users, bringing Chrome to version 139.0.7258.127/.128 for Windows and Mac, and 139.0.7258.127 for Linux. The update will reach users over the ...

Published Date: Aug 13, 2025 (13 hours, 19 minutes ago)

CVE-2025-8901 CVE-2025-8882 CVE-2025-8881 CVE-2025-8880 CVE-2025-8879 CVE-2025-25256 CVE-2024-5171

Daily CyberSecurity

FortiSIEM CVE-2025-25256 (CVSS 9.8): Remote Unauthenticated Command Injection with Exploit in the Wild

Fortinet has issued an urgent security advisory for a critical remote unauthenticated command injection vulnerability affecting multiple versions of FortiSIEM, a leading Security Information and Event ...

Published Date: Aug 13, 2025 (13 hours, 26 minutes ago)

CVE-2025-25256 CVE-2024-23109 CVE-2024-23108 CVE-2023-36553 CVE-2023-34993 CVE-2023-34992

Daily CyberSecurity

SAP Patch Day August 2025: Critical Code Injection Flaws Threaten Core ERP Systems

Today, 2025, SAP released 15 new Security Notes and 4 updates to previously issued advisories as part of its monthly Security Patch Day. While the update addresses a broad range of issues, several cri ...

Published Date: Aug 12, 2025 (1 day, 6 hours ago)

CVE-2025-25256 CVE-2025-42976 CVE-2025-42975 CVE-2025-42957 CVE-2025-42951 CVE-2025-42950 CVE-2025-27429

The following table lists the changes that have been made to the CVE-2025-25256 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.

New CVE Received by [email protected]

Aug. 12, 2025

Action	Type	New Value
Added	Description	An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in Fortinet FortiSIEM version 7.3.0 through 7.3.1, 7.2.0 through 7.2.5, 7.1.0 through 7.1.7, 7.0.0 through 7.0.3 and before 6.7.9 allows an unauthenticated attacker to execute unauthorized code or commands via crafted CLI requests.
Added	CVSS V3.1	AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Added	CWE	CWE-78
Added	Reference	https://fortiguard.fortinet.com/psirt/FG-IR-25-152

EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days. Following chart shows the EPSS score history of the vulnerability.

CWE - Common Weakness Enumeration

While CVE identifies specific instances of vulnerabilities, CWE categorizes the common flaws or weaknesses that can lead to vulnerabilities. CVE-2025-25256 is associated with the following CWEs:

CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Common Attack Pattern Enumeration and Classification (CAPEC)

Common Attack Pattern Enumeration and Classification (CAPEC) stores attack patterns, which are descriptions of the common attributes and approaches employed by adversaries to exploit the CVE-2025-25256 weaknesses.

CAPEC-6: Argument Injection Argument Injection CAPEC-15: Command Delimiters Command Delimiters CAPEC-43: Exploiting Multiple Input Interpretation Layers Exploiting Multiple Input Interpretation Layers CAPEC-88: OS Command Injection OS Command Injection CAPEC-108: Command Line Execution through SQL Injection Command Line Execution through SQL Injection

CVE-2025-25256

Fortinet FortiSIEM OS Command Injection

Description

INFO

Aug. 12, 2025, 7:15 p.m.

Aug. 12, 2025, 7:15 p.m.

[email protected]

Yes !

5.9

3.9

Affected Products

References to Advisories, Solutions, and Tools

Microsoft fixes “BadSuccessor” Kerberos vulnerability (CVE-2025-53779)

Fortinet Warns About FortiSIEM Vulnerability (CVE-2025-25256) With In-the-Wild Exploit Code

Fortinet warns about FortiSIEM vulnerability with in-the-wild exploit code (CVE-2025-25256)

Critical FortiSIEM Vulnerability Lets Attackers Execute Malicious Commands – PoC Found in the Wild

Chrome Stable Update 139 Blocks High-Severity Exploits in V8, libaom, and ANGLE

FortiSIEM CVE-2025-25256 (CVSS 9.8): Remote Unauthenticated Command Injection with Exploit in the Wild

SAP Patch Day August 2025: Critical Code Injection Flaws Threaten Core ERP Systems

New CVE Received by [email protected]

CWE - Common Weakness Enumeration

Common Attack Pattern Enumeration and Classification (CAPEC)

CVSS31 - Vulnerability Scoring System

Theme Customizer

Layout

Vertical

Horizontal

Two Column

Color Scheme

Light

Dark

Layout Width

Fluid

Boxed

Layout Position

Topbar Color

Light

Dark

Sidebar Size

Default

Compact

Small (Icon View)

Small Hover View

Sidebar View

Default

Detached

Sidebar Color

Light

Dark

Gradient

Preloader

Enable

Disable