FortiSIEM OS command injection (CVE-2025-64155)

Vulnerability · Happening score (H score): 46 · 2 unique sources, 2 articles

Summary

FortiSIEM is affected by CVE-2025-64155, a critical OS command injection flaw that can let an unauthenticated attacker execute code on Super and Worker nodes. The bug is reachable through crafted TCP requests and materially raises the risk of remote compromise. Fortinet has already shipped fixes, and the issue can also enable admin-to-root privilege escalation through the reported file-write chain.

Timeline

  1. 16.01.2026 12:29 · 1 article

    Threat actors actively exploit Fortinet FortiSIEM CVE-2025-64155

    Exploitation Observed

    Threat actors are actively exploiting CVE-2025-64155 in Fortinet FortiSIEM, with Defused reporting targeted exploitation in honeypots after public proof-of-concept exploit code was released and Horizon3.ai providing indicators of compromise for already compromised systems.

  2. 14.01.2026 13:53 · 2 articles

    Fortinet releases FortiSIEM fixes for CVE-2025-64155

    Mitigation Patch Update

    Fortinet released FortiSIEM updates on 2026-01-14 to fix CVE-2025-64155 across FortiSIEM 6.7.0 through 6.7.10, 7.0.0 through 7.0.4, 7.1.0 through 7.1.8, 7.2.0 through 7.2.6, 7.3.0 through 7.3.4, and 7.4.0, and advised customers to limit access to phMonitor port 7900 until affected systems are upgraded.

  3. 14.08.2025 03:00 · 1 article

    Horizon3.ai reports FortiSIEM CVE-2025-64155

    Initial Disclosure

    Horizon3.ai researcher Zach Hanley reported CVE-2025-64155 in FortiSIEM on August 14, 2025, describing a critical OS command injection that could let an unauthenticated attacker execute unauthorized code or commands via crafted TCP requests against Super and Worker nodes.
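
The affected version ranges and the port 7900 restriction from the 14.01.2026 entry can be turned into an inventory triage check. This is an added example, not code from Fortinet or the cited sources. The host names, version strings and the `-build` suffix format are constructed assumptions, and a version outside the listed ranges is reported only as "not in listed range" because this page does not name the fixed releases.

```python
import socket

# Affected FortiSIEM ranges as listed on this page: (major, minor) -> highest affected patch.
AFFECTED_MAX_PATCH = {(6, 7): 10, (7, 0): 4, (7, 1): 8, (7, 2): 6, (7, 3): 4, (7, 4): 0}
PHMONITOR_PORT = 7900  # phMonitor port the guidance says to restrict until upgrade

def parse_version(text):
    """Parse 'X.Y.Z'; a '-build...' style suffix (assumed format) is ignored."""
    parts = text.strip().split("-")[0].split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(p) for p in parts)

def in_affected_range(version_text):
    major, minor, patch = parse_version(version_text)
    top = AFFECTED_MAX_PATCH.get((major, minor))
    return top is not None and patch <= top

def port_reachable(host, port=PHMONITOR_PORT, timeout=2.0):
    """True if a TCP connect to host:port succeeds from this vantage point."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

def triage(inventory, probe=port_reachable):
    """Classify (host, version) pairs; run from a segment that should not reach 7900."""
    findings = []
    for host, version in inventory:
        try:
            affected = in_affected_range(version)
        except ValueError:
            findings.append((host, version, "unknown-version"))
            continue
        status = "affected" if affected else "not-in-listed-range"
        status += "+port-reachable" if probe(host) else "+port-unreachable"
        findings.append((host, version, status))
    return findings

if __name__ == "__main__":
    # Constructed inventory; the probe is stubbed so the demo runs offline.
    sample = [("siem-super.example", "7.2.6"), ("siem-worker.example", "7.4.1"),
              ("siem-old.example", "6.6.3"), ("siem-lab.example", "n/a")]
    for row in triage(sample, probe=lambda host: host == "siem-super.example"):
        print(row)
```

Call `triage()` without the `probe` argument to perform real TCP connects to port 7900 for each host in your own inventory.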