Posted Date: 2025/11/26
[Vulnerability Alert] Fortinet's FortiVoice has an SQL Injection Vulnerability (CVE-2025-58692)
- Content:
- Forwarded from Taiwan Computer Emergency Response Team/Coordination Center Security Alert TWCERTCC-200-202511-00000015
- FortiVoice is an enterprise communication system from Fortinet that integrates voice calls, conferencing, chat, and fax, and supports hybrid and remote work environments. Fortinet recently issued a security advisory for a major vulnerability (CVE-2025-58692, CVSS: 8.8). It is an SQL injection vulnerability that allows an authenticated attacker to execute unauthorized code or commands through specially crafted HTTP or HTTPS requests.
- Affected Platforms:
- FortiVoice versions 7.0.0 through 7.0.7
- FortiVoice versions 7.2.0 through 7.2.2
- Recommended Measures:
- Please update to the following versions: FortiVoice version 7.0.8, FortiVoice version 7.2.3
Computer and Communications Center
Network Systems Group