【Vulnerability Alert】An SQL injection vulnerability (CVE-2025-58692) has been identified in Fortinet FortiVoice.

publish date : 2025-11-21 update date : 2025-11-21

Source: Ministry of education information & communication security contingency platform

"" "" ""

Publication Number TACERT-ANA-2025111903114444 Publication Time 2025/11/19 15:02
Incident Type ANA-Vulnerability Alert Discovery Time 2025/11/19 15:02
Impact Level Low  
[Subject]
【Vulnerability Alert】An SQL injection vulnerability (CVE-2025-58692) has been identified in Fortinet FortiVoice.
[Content]
Forwarded from TWCERTCC-200-202511-00000015

FortiVoice is a communication system solution by Fortinet that integrates functions such as voice calls, conferencing, chat, and fax, and supports hybrid and remote work environments. Recently, Fortinet released a significant security advisory (CVE-2025-58692, CVSS: 8.8). This vulnerability is an SQL injection issue that allows an authenticated attacker to execute unauthorized code or commands through specially crafted HTTP or HTTPS requests.

Information Sharing Level: WHITE (Information content can be publicly disclosed)
[Affected Platform]
FortiVoice versions 7.0.0 through 7.0.7 FortiVoice versions 7.2.0 through 7.2.2
[Recommended Actions]
Please update to the following versions: FortiVoice 7.0.8 and FortiVoice 7.2.3.
[Reference]
https://wwwtwcert.org.tw/tw/cp-169-10518-7c952-1.html
(This notification is for informational purposes only and does not constitute a cybersecurity incident).
If you have questions or suggestions regarding this notification, please feel free to contact us.
Ministry of education information & communication security contingency platform
Website: https://info.cert.tanet.edu.tw/
Phone: +886-7-5250211
Internet Phone: 98400000
E-Mail: service@cert.tanet.edu.tw
Organizer: Computer Center