Critical Command Injection Flaw in FortiSIEM Exploited in the Wild

A critical command injection vulnerability (CVE-2025-64155) affecting FortiSIEM was disclosed this week. Attacks exploiting this flaw have been observed shortly after, originating from multiple IP addresses. No additional technical details about the exploitation vector or precise impacts have been provided. The vulnerability was made public without any indication of an available patch at this stage.