
CVE-2025-54972

Source: NVD (NIST)
Published: Nov 18, 2025
Modified: Jan 14, 2026

CVSS 3.1 base score: 4.3
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Exploitability: 2.8 / Impact: 1.4
Source: psirt@fortinet.com (Secondary)

Description

An improper neutralization of CRLF sequences ('CRLF injection') vulnerability in Fortinet FortiMail 7.6.0 through 7.6.3, FortiMail 7.4.0 through 7.4.5, FortiMail 7.2 all versions, and FortiMail 7.0 all versions may allow an attacker to inject headers in the response by convincing a user to click on a specifically crafted link.

Affected (2)

Products: Fortinet: Fortimail
1 product
Fortimail
Configuration A
2 vulnerable
Vulnerable Software: Fortinet
Affected Versions:
From 7.0.0 to 7.4.6
From 7.6.0 to 7.6.4

References (1)

Source: psirt@fortinet.com
Vendor Advisory
