EXPLOIT Fortinet FortiSIEM Pre-Auth Command Injection (CVE-2025-25256)

Rule ID

1237211

Severity

Critical

Description

An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in Fortinet FortiSIEM version 7.3.0 through 7.3.1, 7.2.0 through 7.2.5, 7.1.0 through 7.1.7, 7.0.0 through 7.0.3 and before 6.7.9 allows an unauthenticated attacker to execute unauthorized code or commands via crafted CLI requests.

Impact

Remote code execution

Recommendation

Apply the vendor's patch.

IPS Category

Exploits

IPS Anomaly Group

N/A

IPS Rule Default Action

Deny

References

CVE-2025-25256

T1210

T1059.004

Keywords

N/A

Date Created

2025/08/18

Last Updated

2025/09/25
