[Vulnerability Alert] Fortinet's FortiVoice has an SQL Injection Vulnerability (CVE-2025-58692)

• Subject: [Vulnerability Alert] Fortinet's FortiVoice has an SQL Injection Vulnerability (CVE-2025-58692)

• Content:
  • Forwarded from Taiwan Computer Emergency Response Team/Coordination Center Security Alert TWCERTCC-200-202511-00000015
  • FortiVoice is a communication system provided by Fortinet for enterprises, integrating functions such as voice calls, conferencing, chat, and fax, supporting hybrid and remote work environments. Recently, Fortinet issued a major security vulnerability advisory (CVE-2025-58692, CVSS: 8.8). This vulnerability is an SQL injection vulnerability that allows an authenticated attacker to execute unauthorized code or commands through specially crafted HTTP or HTTPS requests.
• Affected Platforms:
  • FortiVoice versions 7.0.0 through 7.0.7
  • FortiVoice versions 7.2.0 through 7.2.2
• Recommended Measures:
  • Please update to the following versions: FortiVoice version 7.0.8, FortiVoice version 7.2.3
• References:
  1. https://wwwtwcert.org.tw/tw/cp-169-10518-7…

Computer and Communications Center
Network Systems Group