216.73.217.64

CVE-2025-64156

· Published 09/12/2025 18:16 · Modified 10/12/2025 14:16

Labels: CVE-2025-64156 2025-12-09CVE-2025-64156CWE-89[email protected]

Essential information

Published
09/12/2025 18:16
Modified
10/12/2025 14:16
Author
Creator
CVSS
7.2 HIGH (v3.1)
CISA KEV
No
CWE
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CVSS metrics

Description

An improper neutralization of special elements used in an sql command ('sql injection') vulnerability in Fortinet FortiVoice 7.2.0 through 7.2.2, FortiVoice 7.0.0 through 7.0.7, FortiVoice 6.4 all versions, FortiVoice 6.0 all versions may allow an authenticated privileged attacker to execute unauthorized code or commands via crafted requests

NVD status

Status
Modified — CVE has been amended by a source (CVE Primary CNA or another CNA). Analysis data supplied by the NVD may be no longer be accurate due to these changes.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
fortinet / fortivoice cpe:2.3:a:fortinet:fortivoice:*:*:*:*:*:*:*:*
fortinet / fortivoice cpe:2.3:a:fortinet:fortivoice:*:*:*:*:*:*:*:*
fortinet / fortivoice cpe:2.3:a:fortinet:fortivoice:*:*:*:*:*:*:*:*
fortinet / fortivoice cpe:2.3:a:fortinet:fortivoice:*:*:*:*:*:*:*:*

References