← back
CVE-2025-64156

CVE-2025-64156

CVSS 6.8 MEDIUMEPSS 0.3%CWE-89
An improper neutralization of special elements used in an sql command ('sql injection') vulnerability in Fortinet FortiVoice 7.2.0 through 7.2.2, FortiVoice 7.0.0 through 7.0.7, FortiVoice 6.4 all versions, FortiVoice 6.0 all versions may allow an authenticated privileged attacker to execute unauthorized code or commands via crafted requests
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:U/RC:C
Affected products
Fortinet · FortiVoice

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://fortiguard.fortinet.com/psirt/FG-IR-25-362