Critical Fortinet FortiSIEM Vulnerability (CVE-2025-64155) Allowed Remote Root Access for Three Years

The post details the vulnerability CVE-2025-64155, a critical flaw in Fortinet FortiSIEM that enables remote code execution with root privileges. It stems from improper input validation in a system component and persisted for three years before disclosure. Researchers from Horizon3.ai explain how to exploit this flaw using specially crafted requests. The report includes proof-of-concept demonstrations and technical details about its impact.