Main Vulnerability Database Vulnerabilities #VU118607

#VU118607 SQL injection in FortiVoice - CVE-2025-58692

Published: November 18, 2025

Vulnerability identifier: #VU118607

Vulnerability risk: Medium

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2025-58692

CWE-ID: CWE-89

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
FortiVoice

Software vendor:
Fortinet, Inc

Description

The vulnerability allows a remote authenticated user to execute arbitrary code.

The vulnerability exists due to improper neutralization of special elements used in an sql command ('sql injection') in voice and administrative interface. An authenticated attacker can execute unauthorized code or commands via specifically crafted HTTP or HTTPS requests.

Remediation

Install update from vendor's website.

External links

https://www.fortiguard.com/psirt/FG-IR-25-666

#VU118607 SQL injection in FortiVoice - CVE-2025-58692

Description

Remediation

External links

Please verify you're human