Sign-up

ID

VAR-202511-1634


CVE

CVE-2025-58692


TITLE

fortinet's  FortiVoice  In  SQL  Injection vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2025-020608

DESCRIPTION

An improper neutralization of special elements used in an SQL Command ("SQL Injection") vulnerability [CWE-89] in Fortinet FortiVoice 7.2.0 through 7.2.2, FortiVoice 7.0.0 through 7.0.7 allows an authenticated attacker to execute unauthorized code or commands via specifically crafted HTTP or HTTPS requests. fortinet's FortiVoice for, SQL There is an injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Trust: 1.62

sources: NVD: CVE-2025-58692 // JVNDB: JVNDB-2025-020608

AFFECTED PRODUCTS

vendor:fortinetmodel:fortivoicescope:gteversion:7.0.0

Trust: 1.0

vendor:fortinetmodel:fortivoicescope:ltversion:7.2.3

Trust: 1.0

vendor:fortinetmodel:fortivoicescope:gteversion:7.2.0

Trust: 1.0

vendor:fortinetmodel:fortivoicescope:ltversion:7.0.8

Trust: 1.0

vendor:フォーティネットmodel:fortivoicescope:eqversion:7.2.0 that's all 7.2.3

Trust: 0.8

vendor:フォーティネットmodel:fortivoicescope:eqversion: -

Trust: 0.8

vendor:フォーティネットmodel:fortivoicescope:eqversion:7.0.0 that's all 7.0.8

Trust: 0.8

sources: JVNDB: JVNDB-2025-020608 // NVD: CVE-2025-58692

CVSS

SEVERITY

CVSSV2

CVSSV3

psirt@fortinet.com: CVE-2025-58692
value: HIGH

Trust: 1.0

OTHER: JVNDB-2025-020608
value: HIGH

Trust: 0.8

psirt@fortinet.com: CVE-2025-58692
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

OTHER: JVNDB-2025-020608
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2025-020608 // NVD: CVE-2025-58692

PROBLEMTYPE DATA

problemtype:CWE-89

Trust: 1.0

problemtype:SQL injection (CWE-89) [ others ]

Trust: 0.8

sources: JVNDB: JVNDB-2025-020608 // NVD: CVE-2025-58692

PATCH

title:FG-IR-25-666url:https://fortiguard.fortinet.com/psirt/FG-IR-25-666

Trust: 0.8

sources: JVNDB: JVNDB-2025-020608

EXTERNAL IDS

db:NVDid:CVE-2025-58692

Trust: 2.6

db:JVNDBid:JVNDB-2025-020608

Trust: 0.8

sources: JVNDB: JVNDB-2025-020608 // NVD: CVE-2025-58692

REFERENCES

url:https://fortiguard.fortinet.com/psirt/fg-ir-25-666

Trust: 1.0

url:https://nvd.nist.gov/vuln/detail/cve-2025-58692

Trust: 0.8

sources: JVNDB: JVNDB-2025-020608 // NVD: CVE-2025-58692

SOURCES

db:JVNDBid:JVNDB-2025-020608
db:NVDid:CVE-2025-58692

LAST UPDATE DATE

2025-12-20T23:46:54.174000+00:00


SOURCES UPDATE DATE

db:JVNDBid:JVNDB-2025-020608date:2025-11-28T09:21:00
db:NVDid:CVE-2025-58692date:2025-11-20T14:36:17.687

SOURCES RELEASE DATE

db:JVNDBid:JVNDB-2025-020608date:2025-11-28T00:00:00
db:NVDid:CVE-2025-58692date:2025-11-18T17:16:06.963