CVE-2025-58692
published 2025-11-18CVE-2025-58692: An improper neutralization of special elements used in an SQL Command ("SQL Injection") vulnerability [CWE-89] vulnerability in Fortinet FortiVoice 7.2.0…
high8.8CVSS 3.1
AVNACLPRLUINSUCHIHAH
An improper neutralization of special elements used in an SQL Command ("SQL Injection") vulnerability [CWE-89] vulnerability in Fortinet FortiVoice 7.2.0 through 7.2.2, FortiVoice 7.0.0 through 7.0.7 allows an authenticated attacker to execute unauthorized code or commands via specifically crafted HTTP or HTTPS requests.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| fortinet | fortinet | — | — |
| fortinet | fortivoice | — | — |
| fortinet | fortivoice | >= 7.0.0 < 7.0.8 | 7.0.8 |
| fortinet | fortivoice | >= 7.2.0 < 7.2.3 | 7.2.3 |
| fortinet | fortivoice | 7.2.0 – 7.2.2 | — |