ID

VAR-202511-1634


CVE

CVE-2025-58692


DESCRIPTION

An improper neutralization of special elements used in an SQL Command ("SQL Injection") vulnerability [CWE-89] in Fortinet FortiVoice 7.2.0 through 7.2.2 and FortiVoice 7.0.0 through 7.0.7 allows an authenticated attacker to execute unauthorized code or commands via specifically crafted HTTP or HTTPS requests.

Trust: 1.0

sources: NVD: CVE-2025-58692

AFFECTED PRODUCTS

vendor: fortinet, model: fortivoice, scope: gte, version: 7.0.0

Trust: 1.0

vendor: fortinet, model: fortivoice, scope: lt, version: 7.2.3

Trust: 1.0

vendor: fortinet, model: fortivoice, scope: gte, version: 7.2.0

Trust: 1.0

vendor: fortinet, model: fortivoice, scope: lt, version: 7.0.8

Trust: 1.0

sources: NVD: CVE-2025-58692

CVSS

SEVERITY

CVSSV2

CVSSV3

psirt@fortinet.com: CVE-2025-58692
value: HIGH

Trust: 1.0

psirt@fortinet.com: CVE-2025-58692
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

sources: NVD: CVE-2025-58692

PROBLEMTYPE DATA

problemtype: CWE-89

Trust: 1.0

sources: NVD: CVE-2025-58692

EXTERNAL IDS

db: NVD, id: CVE-2025-58692

Trust: 1.0

sources: NVD: CVE-2025-58692

REFERENCES

url: https://fortiguard.fortinet.com/psirt/fg-ir-25-666

Trust: 1.0

sources: NVD: CVE-2025-58692

SOURCES

db: NVD, id: CVE-2025-58692

LAST UPDATE DATE

2025-11-20T23:10:23.691000+00:00


SOURCES UPDATE DATE

db: NVD, id: CVE-2025-58692, date: 2025-11-20T14:36:17.687

SOURCES RELEASE DATE

db: NVD, id: CVE-2025-58692, date: 2025-11-18T17:16:06.963