Sign-up

ID

VAR-202512-0920


CVE

CVE-2025-64156


DESCRIPTION

An improper neutralization of special elements used in an sql command ('sql injection') vulnerability in Fortinet FortiVoice 7.2.0 through 7.2.2, FortiVoice 7.0.0 through 7.0.7, FortiVoice 6.4 all versions, FortiVoice 6.0 all versions may allow an authenticated privileged attacker to execute unauthorized code or commands via crafted requests

Trust: 1.0

sources: NVD: CVE-2025-64156

AFFECTED PRODUCTS

vendor:fortinetmodel:fortivoicescope:lteversion:6.0.12

Trust: 1.0

vendor:fortinetmodel:fortivoicescope:gteversion:7.2.0

Trust: 1.0

vendor:fortinetmodel:fortivoicescope:gteversion:6.0.0

Trust: 1.0

vendor:fortinetmodel:fortivoicescope:lteversion:7.2.1

Trust: 1.0

vendor:fortinetmodel:fortivoicescope:lteversion:6.4.11

Trust: 1.0

vendor:fortinetmodel:fortivoicescope:gteversion:7.0.0

Trust: 1.0

vendor:fortinetmodel:fortivoicescope:lteversion:7.0.7

Trust: 1.0

vendor:fortinetmodel:fortivoicescope:gteversion:6.4.0

Trust: 1.0

sources: NVD: CVE-2025-64156

CVSS

SEVERITY

CVSSV2

CVSSV3

psirt@fortinet.com: CVE-2025-64156
value: HIGH

Trust: 1.0

psirt@fortinet.com: CVE-2025-64156
baseSeverity: HIGH
baseScore: 7.2
vectorString: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.2
impactScore: 5.9
version: 3.1

Trust: 1.0

sources: NVD: CVE-2025-64156

PROBLEMTYPE DATA

problemtype:CWE-89

Trust: 1.0

sources: NVD: CVE-2025-64156

EXTERNAL IDS

db:NVDid:CVE-2025-64156

Trust: 1.0

sources: NVD: CVE-2025-64156

REFERENCES

url:https://fortiguard.fortinet.com/psirt/fg-ir-25-362

Trust: 1.0

sources: NVD: CVE-2025-64156

SOURCES

db:NVDid:CVE-2025-64156

LAST UPDATE DATE

2025-12-19T23:00:10.768000+00:00


SOURCES UPDATE DATE

db:NVDid:CVE-2025-64156date:2025-12-10T14:16:19.527

SOURCES RELEASE DATE

db:NVDid:CVE-2025-64156date:2025-12-09T18:16:05.070