CVE-2025-54972
published 2025-11-18CVE-2025-54972: An improper neutralization of crlf sequences ('crlf injection') vulnerability in Fortinet FortiMail 7.6.0 through 7.6.3, FortiMail 7.4.0 through 7.4.5…
medium4.3CVSS 3.1
AVNACLPRNUIRSUCNILAN
An improper neutralization of crlf sequences ('crlf injection') vulnerability in Fortinet FortiMail 7.6.0 through 7.6.3, FortiMail 7.4.0 through 7.4.5, FortiMail 7.2 all versions, FortiMail 7.0 all versions may allow an attacker to inject headers in the response via convincing a user to click on a specifically crafted link
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| fortinet | fortimail | — | — |
| fortinet | fortimail | >= 7.0.0 < 7.4.6 | 7.4.6 |
| fortinet | fortimail | 7.0.0 – 7.0.9 | — |
| fortinet | fortimail | 7.2.0 – 7.2.9 | — |
| fortinet | fortimail | 7.4.0 – 7.4.5 | — |
| fortinet | fortimail | >= 7.6.0 < 7.6.4 | 7.6.4 |
| fortinet | fortimail | 7.6.0 – 7.6.3 | — |
| fortinet | fortinet | — | — |