HIGH🇬🇧 English

CVE-2025-53681

CVSS 7.2v3.1pub. 2026-05-12upd. 2026-05-15

An improper neutralization of special elements used in an SQL Command ("SQL Injection&") vulnerability [CWE-89] vulnerability in Fortinet FortiMail 7.6.0 through 7.6.3, FortiMail 7.4.0 through 7.4.5, FortiMail 7.2.0 through 7.2.8 allows an authenticated privileged attacker to execute unauthorized code or commands via specifically crafted HTTP or HTTPS requests.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
  • Fortinet Fortimail

    APP
    Fortinet
    7.2.0 – 7.2.9 (bez)7.4.0 – 7.4.6 (bez)7.6.0 – 7.6.4 (bez)
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
SQLi
CWE
Referencje

Powiązane podatności

CVE-2025-32756CRITICAL9.8⚠ KEVPL ✓ten sam produkt

Stack-based buffer overflow RCE w produktach Fortinet (FortiMail, FortiVoice i inne)

CVE-2023-47539CRITICAL9.8PL ✓ten sam produkt

FortiMail: Pominięcie uwierzytelnienia admina przez RADIUS i remote_wildcard

CVE-2021-36166CRITICAL9.8ten sam produkt

An improper authentication vulnerability in FortiMail before 7.0.1 may allow a remote attacker to efficiently ...

CVE-2021-24007CRITICAL9.8ten sam produkt

Multiple improper neutralization of special elements of SQL commands vulnerabilities in FortiMail before 6.4.4...

CVE-2020-9294CRITICAL9.8ten sam produkt

An improper authentication vulnerability in FortiMail 5.4.10, 6.0.7, 6.2.2 and earlier and FortiVoiceEntrepris...