CNNVD-202508-1256 Information
CNNVD ID
CNNVD-202508-1256
Related CVE
- CNNVD Published: 2025-08-12
Description (Chinese)
Fortinet FortiSIEM是美国飞塔(Fortinet)公司的一套安全信息和事件管理系统。该系统包括资产发现、工作流程自动化和统一管理等功能。 Fortinet FortiSIEM 7.3.0至7.3.1版本、7.2.0至7.2.5版本、7.1.0至7.1.7版本、7.0.0至7.0.3版本和6.7.9之前版本存在操作系统命令注入漏洞,该漏洞源于OS命令注入,可能导致执行任意代码。
Description (English)
Fortinet FortiSIEM is a security information and incident management system for Fortinet. The system includes features such as asset detection, workflow automation and integrated management. Fortinet FortiSIEM, Versions 7.3.0 to 7.3.1; 7.2.0 to 7.2.5; 7.1.0 to 7.1.7; 7.0.0 to 7.0.3; and previous versions 6.7.9, there is a loophole in the operating system command, which originates from an OS command injection and may lead to the enforcement of arbitrary codes.
Hazard Level
Low
Vulnerability Type
操作系统命令注入
Affected Vendor
飞塔
Published
2025-08-12
Last Modified
2026-02-24
References
https://fortiguard.fortinet.com/psirt/FG-IR-25-152 https://access.redhat.com/security/cve/cve-2025-25256
Patch
https://docs.fortinet.com/upgrade-tool/fortigate
Share on: