FortiSIEM OS command injection (CVE-2025-64155)
Vulnerability
Summary
Hide ▲
Show ▼
FortiSIEM is affected by CVE-2025-64155, a critical OS command injection flaw that can let an unauthenticated attacker execute code on Super and Worker nodes. The bug is reachable through crafted TCP requests and materially raises the risk of remote compromise. Fortinet has already shipped fixes, and the issue can also enable admin-to-root privilege escalation through the reported file-write chain.
Related Happenings
FortiClient EMS CVE-2026-35616 exploitation wave
Exploitation Wave
H score56
First: 28.05.2026 18:26
Last: 28.05.2026 18:26
Sources 1
About this happening:
**CVE-2026-35616** exploitation in **FortiClient Enterprise Management Server (EMS)** is being used to deliver the undocumented credential stealer **EKZ**. Attackers are abusing u...
FortiClient EMS CVE-2026-35616 exploitation wave
Exploitation WaveAbout this happening: **CVE-2026-35616** exploitation in **FortiClient Enterprise Management Server (EMS)** is being used to deliver the undocumented credential stealer **EKZ**. Attackers are abusing u...
Quiz and Survey Master SQL injection mitigation (CVE-2025-67987)
Advisory/Mitigation
H score61
First: 03.02.2026 18:15
Last: 03.02.2026 18:15
Sources 1
About this happening:
**Patchstack** published mitigation guidance for **CVE-2025-67987**, directing administrators to update **Quiz and Survey Master** to **version 10.3.2** to close a **SQL injection...
Quiz and Survey Master SQL injection mitigation (CVE-2025-67987)
Advisory/MitigationAbout this happening: **Patchstack** published mitigation guidance for **CVE-2025-67987**, directing administrators to update **Quiz and Survey Master** to **version 10.3.2** to close a **SQL injection...
Fortinet FortiCloud SSO mitigation guidance
Advisory/Mitigation
H score51
First: 28.01.2026 01:19
Last: 28.01.2026 01:19
Sources 1
About this happening:
**Fortinet** advised customers to **restrict administrative access** and **disable FortiCloud SSO** to reduce abuse of an **actively exploited** authentication bypass affecting de...
Fortinet FortiCloud SSO mitigation guidance
Advisory/MitigationAbout this happening: **Fortinet** advised customers to **restrict administrative access** and **disable FortiCloud SSO** to reduce abuse of an **actively exploited** authentication bypass affecting de...
Fortinet CVE-2025-59718 mitigation guidance
Advisory/Mitigation
H score56
First: 23.01.2026 12:39
Last: 23.01.2026 12:39
Sources 1
About this happening:
**Fortinet** told customers to immediately harden **FortiCloud SSO** exposure for **CVE-2025-59718**, because attackers are still abusing the flaw against **fully patched firewall...
Fortinet CVE-2025-59718 mitigation guidance
Advisory/MitigationAbout this happening: **Fortinet** told customers to immediately harden **FortiCloud SSO** exposure for **CVE-2025-59718**, because attackers are still abusing the flaw against **fully patched firewall...
HPE OneView RondoDox exploitation wave (CVE-2025-37164)
Exploitation Wave
H score59
First: 16.01.2026 11:15
Last: 16.01.2026 11:15
Sources 1
About this happening:
**RondoDox** has driven a **large-scale exploitation wave** against **HPE OneView** by targeting **CVE-2025-37164**, with activity escalating into **automated attacks** that creat...
HPE OneView RondoDox exploitation wave (CVE-2025-37164)
Exploitation WaveAbout this happening: **RondoDox** has driven a **large-scale exploitation wave** against **HPE OneView** by targeting **CVE-2025-37164**, with activity escalating into **automated attacks** that creat...
Timeline
-
16.01.2026 12:29 1 articles · 5mo ago
Threat actors actively exploit Fortinet FortiSIEM CVE-2025-64155
Exploitation ObservedThreat actors are actively exploiting CVE-2025-64155 in Fortinet FortiSIEM, with Defused reporting targeted exploitation in honeypots after public proof-of-concept exploit code was released and Horizon3.ai providing indicators of compromise for already compromised systems.
Show sources
- Hackers now exploiting critical Fortinet FortiSIEM flaw in attacks — www.bleepingcomputer.com — 16.01.2026 12:29
-
14.01.2026 13:53 2 articles · 5mo ago
Fortinet releases FortiSIEM fixes for CVE-2025-64155
Mitigation Patch UpdateFortinet released FortiSIEM updates on 2026-01-14 to fix CVE-2025-64155 across FortiSIEM 6.7.0 through 6.7.10, 7.0.0 through 7.0.4, 7.1.0 through 7.1.8, 7.2.0 through 7.2.6, 7.3.0 through 7.3.4, and 7.4.0, and advised customers to limit access to phMonitor port 7900 until affected systems are upgraded.
Show sources
- Fortinet Fixes Critical FortiSIEM Flaw Allowing Unauthenticated Remote Code Execution — thehackernews.com — 14.01.2026 13:53
- Fortinet Fixes Critical FortiSIEM Flaw Allowing Unauthenticated Remote Code Execution — thehackernews.com — 14.01.2026 13:53
-
14.08.2025 03:00 1 articles · 10mo ago
Horizon3.ai reports FortiSIEM CVE-2025-64155
Initial DisclosureHorizon3.ai researcher Zach Hanley reported CVE-2025-64155 in FortiSIEM on August 14, 2025, describing a critical OS command injection that could let an unauthenticated attacker execute unauthorized code or commands via crafted TCP requests against Super and Worker nodes.
Show sources
- Fortinet Fixes Critical FortiSIEM Flaw Allowing Unauthenticated Remote Code Execution — thehackernews.com — 14.01.2026 13:53