支持本站 — 捐款将帮助我们持续运营

目标: 1000 元,已筹: 1000

100.0%
立即捐款

POC详情: 84ee00b04bc26a894e75bf1de8574a3228faf2a1

来源
https://github.com/watchtowrlabs/watchTowr-vs-FortiSIEM-CVE-2025-25256
关联漏洞
标题:Fortinet FortiSIEM 操作系统命令注入漏洞 (CVE-2025-25256)
Description:Fortinet FortiSIEM是美国飞塔(Fortinet)公司的一套安全信息和事件管理系统。该系统包括资产发现、工作流程自动化和统一管理等功能。 Fortinet FortiSIEM 7.3.0至7.3.1版本、7.2.0至7.2.5版本、7.1.0至7.1.7版本、7.0.0至7.0.3版本和6.7.9之前版本存在操作系统命令注入漏洞,该漏洞源于OS命令注入,可能导致执行任意代码。
介绍
# watchTowr-vs-FortiSIEM-CVE-2025-25256

Detection Artifact Generator for FortiSIEM CVE-2025-25256



https://github.com/user-attachments/assets/1aa1040a-af34-460d-8844-1e440efa9ba1


See our [blog post](https://labs.watchtowr.com/) for technical details


# Detection in Action

```
python watchTowr-vs-FortiSIEM-CVE-2025-25256.py -r 192.168.8.232 -c whoami
                         __         ___  ___________
         __  _  ______ _/  |__ ____ |  |_\__    ____\____  _  ________
         \ \/ \/ \__  \    ___/ ___\|  |  \|    | /  _ \ \/ \/ \_  __ \
          \     / / __ \|  | \  \___|   Y  |    |(  <_> \     / |  | \/
           \/\_/ (____  |__|  \___  |___|__|__  | \__  / \/\_/  |__|
                                  \/          \/     \/

        watchTowr-vs-FortiSIEM-CVE-2025-25256.py

        (*) FortiSIEM Unauthenticated Remote Command Execution Detection Artifact Generator

          - Sina Kheirkhah (@SinSinology) of watchTowr (@watchTowrcyber)

        CVEs: [CVE-2025-25256]

[+] Packet Sent! ^-^

```

# Description

This script attempts to detect if FortiSIEM is vulnerable to CVE-2025-25256

# Affected Versions

The following versions of FortiSIEM are Affected

| Version | Affected | Solution |
| --- | --- | --- |
| FortiSIEM 7.4 | Not affected | Not Applicable |
| FortiSIEM 7.3 | 7.3.0 through 7.3.1 | Upgrade to 7.3.2 or above |
| FortiSIEM 7.2 | 7.2.0 through 7.2.5 | Upgrade to 7.2.6 or above |
| FortiSIEM 7.1 | 7.1.0 through 7.1.7 | Upgrade to 7.1.8 or above |
| FortiSIEM 7.0 | 7.0.0 through 7.0.3 | Upgrade to 7.0.4 or above |
| FortiSIEM 6.7 | 6.7.0 through 6.7.9 | Upgrade to 6.7.10 or above |
| FortiSIEM 6.6 | 6.6 all versions | Migrate to a fixed release |
| FortiSIEM 6.5 | 6.5 all versions | Migrate to a fixed release |
| FortiSIEM 6.4 | 6.4 all versions | Migrate to a fixed release |
| FortiSIEM 6.3 | 6.3 all versions | Migrate to a fixed release |
| FortiSIEM 6.2 | 6.2 all versions | Migrate to a fixed release |
| FortiSIEM 6.1 | 6.1 all versions | Migrate to a fixed release |
| FortiSIEM 5.4 | 5.4 all versions | Migrate to a fixed release |

For more information visit [FortiGuard Labs PSIRT](https://fortiguard.fortinet.com/psirt/FG-IR-25-152)


# Follow [watchTowr](https://watchTowr.com) Labs

For the latest security research follow the [watchTowr](https://watchTowr.com) Labs Team 

- https://labs.watchtowr.com/
- https://x.com/watchtowrcyber
文件快照

 [4.0K]  /data/pocs/84ee00b04bc26a894e75bf1de8574a3228faf2a1
├── [2.4K]  README.md
└── [2.3K]  watchTowr-vs-FortiSIEM-CVE-2025-25256.py

0 directories, 2 files
神龙机器人已为您缓存
备注
    1. 建议优先通过来源进行访问。
    2. 如果因为来源失效或无法访问,请发送邮件到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
    3. 神龙已为您对 POC 代码进行快照,为了长期维护,请考虑为本地 POC 付费/捐赠,感谢您的支持。