CVE-2025-25256

CRITICAL EXPLOITED NUCLEI

Fortinet FortiSIEM - OS Command Injection

Title source: nuclei

Description

An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in Fortinet FortiSIEM version 7.3.0 through 7.3.1, 7.2.0 through 7.2.5, 7.1.0 through 7.1.7, 7.0.0 through 7.0.3 and before 6.7.9 allows an unauthenticated attacker to execute unauthorized code or commands via crafted CLI requests.

Exploits (1)

nomisec WORKING POC 18 stars

by watchtowrlabs · remote

https://github.com/watchtowrlabs/watchTowr-vs-FortiSIEM-CVE-2025-25256

View Code ZIP pw:eip

Nuclei Templates (1)

Fortinet FortiSIEM - OS Command Injection

CRITICALby watchtowr,darses

Shodan: http.favicon.hash:-1341442175 || http.html:"var hst = location.hostname"

FOFA: icon_hash="-1341442175" || body="var hst = location.hostname"

References (4)

[Various Sources] https://github.com/watchtowrlabs/watchTowr-vs-FortiSIEM-CVE-2025-25256

[Various Sources] https://labs.watchtowr.com/should-security-solutions-be-secure-maybe-were-all-wrong-fortinet-fortisiem-pre-auth-command-injection-cve-2025-25256/

[Vendor Advisory] https://fortiguard.fortinet.com/psirt/FG-IR-25-152

[Third Party Advisory] https://www.theregister.com/2025/08/13/fortinet_discloses_critical_bug/

Scores

CVSS v3 9.8

EPSS 0.4492

EPSS Percentile 97.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

VulnCheck KEV 2025-08-12

CWE

CWE-78

Status published

Products (1)

fortinet/fortisiem 5.4.0 - 6.7.10

Published Aug 12, 2025

Tracked Since Feb 18, 2026