CVE-2025-25256

{"id": "CVE-2025-25256", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "psirt@fortinet.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2025-08-12T19:15:28.683", "references": [{"url": "https://fortiguard.fortinet.com/psirt/FG-IR-25-152", "tags": ["Vendor Advisory"], "source": "psirt@fortinet.com"}, {"url": "https://www.theregister.com/2025/08/13/fortinet_discloses_critical_bug/", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://github.com/watchtowrlabs/watchTowr-vs-FortiSIEM-CVE-2025-25256", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"}, {"url": "https://labs.watchtowr.com/should-security-solutions-be-secure-maybe-were-all-wrong-fortinet-fortisiem-pre-auth-command-injection-cve-2025-25256/", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "psirt@fortinet.com", "description": [{"lang": "en", "value": "CWE-78"}]}], "descriptions": [{"lang": "en", "value": "An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in Fortinet FortiSIEM version 7.3.0 through 7.3.1, 7.2.0 through 7.2.5, 7.1.0 through 7.1.7, 7.0.0 through 7.0.3 and before 6.7.9 allows an unauthenticated attacker to execute unauthorized code or commands via crafted CLI requests."}, {"lang": "es", "value": "Una vulnerabilidad de neutralizaci\u00f3n incorrecta de elementos especiales utilizados en un comando del SO ('OS Command Injection') [CWE-78] en Fortinet FortiSIEM versi\u00f3n 7.3.0 a 7.3.1, 7.2.0 a 7.2.5, 7.1.0 a 7.1.7, 7.0.0 a 7.0.3 y anteriores a 6.7.9 permite que un atacante no autenticado ejecute c\u00f3digo o comandos no autorizados a trav\u00e9s de solicitudes CLI manipuladas."}], "lastModified": "2025-08-15T18:15:27.583", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:fortinet:fortisiem:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AE219A7C-15F6-42F1-8A2E-2D9C2D182F47", "versionEndExcluding": "6.7.10", "versionStartIncluding": "5.4.0"}, {"criteria": "cpe:2.3:a:fortinet:fortisiem:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C19909A4-227B-460D-B1EF-5115B8DB0CF9", "versionEndExcluding": "7.0.4", "versionStartIncluding": "7.0.0"}, {"criteria": "cpe:2.3:a:fortinet:fortisiem:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "119827CE-B8BF-4418-830F-B87CA0305265", "versionEndExcluding": "7.1.8", "versionStartIncluding": "7.1.0"}, {"criteria": "cpe:2.3:a:fortinet:fortisiem:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8DBF861B-B200-40BA-86A3-51E90F3DCF04", "versionEndExcluding": "7.2.6", "versionStartIncluding": "7.2.0"}, {"criteria": "cpe:2.3:a:fortinet:fortisiem:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0A631305-1FA5-4CE8-B180-DC4BD6467A2F", "versionEndExcluding": "7.3.2", "versionStartIncluding": "7.3.0"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@fortinet.com"}