【Vulnerability Alert】A Critical Security Vulnerability Has Been Identified in Fortinet FortiSIEM (CVE-2025-64155)
publish date :
2026-01-23
update date :
2026-01-26
Source: Ministry of education information & communication security contingency platform
"" "" ""
| Publication Number | TACERT-ANA-2026011501011212 | Publication Time | 2026/01/15 13:36 |
| Incident Type | ANA-Vulnerability Alert | Discovery Time | 2026/01/15 13:36 |
| Impact Level | Low | ||
| [Subject] 【Vulnerability Alert】A Critical Security Vulnerability Has Been Identified in Fortinet FortiSIEM (CVE-2025-64155) |
|||
| [Content] Forwarded from TWCERTCC-200-202601-00000010 FortiSIEM is a next-generation Security Information and Event Management (SIEM) platform developed by Fortinet. It leverages AI and automation technologies to enhance threat detection and security operations efficiency while reducing management complexity. Recently, Fortinet released a critical security advisory (CVE-2025-64155, CVSS: 9.8). This vulnerability is an operating system command injection vulnerability that may allow unauthenticated attackers to execute unauthorized code or commands through specially crafted TCP requests. (Information Sharing Level: WHITE (Information content can be publicly disclosed) |
|||
|
[Affected Platform] FortiSIEM versions 7.0.0 through 7.0.4 FortiSIEM versions 7.1.0 through 7.1.8 FortiSIEM versions 7.2.0 through 7.2.6 FortiSIEM versions 7.3.0 through 7.3.4 FortiSIEM version 7.4.0 |
|||
|
[Recommended Actions] FortiSIEM version 7.1.9 or later FortiSIEM version 7.2.7 or later FortiSIEM version 7.3.5 or later FortiSIEM version 7.4.1 or later Note: FortiSIEM versions 6.7 and 7.0 should be migrated to a supported fixed version. |
|||
| [Reference] https://www.twcert.org.tw/tw/cp-169-10632-91641-1.html |
|||
(This notification is for informational purposes only and does not constitute a cybersecurity incident).
If you have questions or suggestions regarding this notification, please feel free to contact us.
Ministry of education information & communication security contingency platform
Website: https://info.cert.tanet.edu.tw/
Phone: +886-7-5250211
Internet Phone: 98400000
E-Mail: service@cert.tanet.edu.tw
If you have questions or suggestions regarding this notification, please feel free to contact us.
Ministry of education information & communication security contingency platform
Website: https://info.cert.tanet.edu.tw/
Phone: +886-7-5250211
Internet Phone: 98400000
E-Mail: service@cert.tanet.edu.tw
Organizer:
Computer Center