HIGH🇵🇱 Wersja polska

CVE-2025-53681

CVSS 7.2v3.1pub. 2026-05-12upd. 2026-05-15

An improper neutralization of special elements used in an SQL Command ("SQL Injection&") vulnerability [CWE-89] vulnerability in Fortinet FortiMail 7.6.0 through 7.6.3, FortiMail 7.4.0 through 7.4.5, FortiMail 7.2.0 through 7.2.8 allows an authenticated privileged attacker to execute unauthorized code or commands via specifically crafted HTTP or HTTPS requests.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
  • Fortinet Fortimail

    APP
    Fortinet
    7.2.0 – 7.2.9 (bez)7.4.0 – 7.4.6 (bez)7.6.0 – 7.6.4 (bez)
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
SQLi
CWE
References

Related vulnerabilities

CVE-2025-32756CRITICAL9.8⚠ KEVPL ✓ten sam produkt

Stack-based buffer overflow RCE w produktach Fortinet (FortiMail, FortiVoice i inne)

CVE-2023-47539CRITICAL9.8PL ✓ten sam produkt

FortiMail: Pominięcie uwierzytelnienia admina przez RADIUS i remote_wildcard

CVE-2021-36166CRITICAL9.8ten sam produkt

An improper authentication vulnerability in FortiMail before 7.0.1 may allow a remote attacker to efficiently ...

CVE-2021-24007CRITICAL9.8ten sam produkt

Multiple improper neutralization of special elements of SQL commands vulnerabilities in FortiMail before 6.4.4...

CVE-2020-9294CRITICAL9.8ten sam produkt

An improper authentication vulnerability in FortiMail 5.4.10, 6.0.7, 6.2.2 and earlier and FortiVoiceEntrepris...