CVE-2025-64155

This PoC exploits an argument injection vulnerability in Fortinet FortiSIEM to achieve remote code execution as root. It sends a crafted XML payload to the Phoenix Monitor service, which triggers a file write via a cron job, leading to RCE.

This repository contains a Python-based scanner for detecting CVE-2025-64155, a command injection vulnerability in the Phoenix Monitor service. The scanner uses a time-based detection method by injecting a 'sleep' command into the 'cluster_url' parameter of the 'handleStorageRequest' command (ID: 1075724911) and measuring response delays.

The repository contains only a README with a link to an external GitHub repository, lacking any actual exploit code or technical details. This is characteristic of a social engineering lure.

This repository contains a scanner for CVE-2025-64155, a command injection vulnerability in FortiSIEM's phMonitor service. The tool checks for open TCP/7900 and optionally probes for vulnerable handler behavior without exploiting the system.

This repository contains a Python-based scanner for detecting CVE-2025-64155, a command injection vulnerability in the Phoenix Monitor service. The scanner uses a time-based detection method by injecting a 'sleep 3' command into the 'cluster_url' parameter of the 'handleStorageRequest' command.

This repository contains a detailed writeup for CVE-2025-64155, a critical OS command injection vulnerability in Fortinet FortiSIEM allowing unauthenticated remote code execution with root privileges. The README provides vulnerability details, affected versions, mitigation steps, and references.