CVE-2025-25256

ENISA EUVD: EUVD-2025-24462 ↗
✓ Confirmed 0-Day
Triaged: March 5, 2026 5 articles Published: 2025-08-12
VulnLookup ↗ NVD ↗ EUVD ↗ MITRE ↗

EPSS Score

Source: FIRST.org · 2026-05-23
39.56%
probability
This CVE has a 39.56% probability of being exploited in the next 30 days.
0% Top 97.4th percentile of all CVEs 100%

CVSS v3.1

Source: VulnerabilityLookup (CIRCL)
9.8
CRITICAL
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Temporal
Exploit Code Maturity
High
Remediation Level
Not Defined
Report Confidence
Confirmed
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H/RL:X/RC:C

Description

VulnerabilityLookup (CNA)
An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in Fortinet FortiSIEM version 7.3.0 through 7.3.1, 7.2.0 through 7.2.5, 7.1.0 through 7.1.7, 7.0.0 through 7.0.3 and before 6.7.9 allows an unauthenticated attacker to execute unauthorized code or commands via crafted CLI requests.

Affected Products

Fortinet
FortiSIEM
7.3.0 7.2.0 7.1.0 7.0.0 6.7.0 6.6.0

Exploits & PoC

Signal Intelligence

Confidence
85%
EPSS 39.56%
CVSS v3.1 9.8
Mentions 5
Last Seen Apr 06, 2026

CNA Information

CNA Assigner
fortinet

Analyst Note

BleepingComputer article explicitly names this as a 'FortiWeb zero-day exploited in attacks,' indicating active exploitation in the wild. CISA urgency directive (7-day patch deadline) corroborates active exploitation requiring immediate remediation. Timing aligns with recent 2025 CVE publication and exploitation reports.

Threat Actors 8

Hacking Team
apt_group 🇮🇹 IT
Volt Typhoon
apt_group Information theft and espionage 🇨🇳 CN
RomCom
apt_group Financial gain 🇷🇺 RU
Greedy Sponge
apt_group 🇲🇽 MX
Rocke
apt_group 🇨🇳 CN
Void Rabisu
apt_group Financial gain 🇷🇺 RU
Red October
apt_group 🇷🇺 RU
Mana Team
apt_group 🇨🇳 CN

Triage Info

Decided atMar 05, 2026
Published DateAug 12, 2025