CVE-2025-54972_CVE-2025-54972

3.9 / 10

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C

Description

An improper neutralization of crlf sequences ('crlf injection') in Fortinet FortiMail 7.6.0 through 7.6.3, FortiMail 7.4.0 through 7.4.5, FortiMail 7.2 all versions, FortiMail 7.0 all versions may allow an attacker to inject headers in the response via convincing a user to click on a specifically crafted link

Basic Information

ID CVE-2025-54972

Source fortinet

Published Nov 18, 2025 at 17:01

Affected Product

Vendor Fortinet

Product FortiMail

Version 7.6.0

Affected Versions Fortinet FortiMail 7.6.0
Fortinet FortiMail 7.4.0
Fortinet FortiMail 7.2.0
Fortinet FortiMail 7.0.0

CWE Classification

CWE-93

References

fortiguard.fortinet.com /psirt/FG-IR-25-634

{
    "lastseen": "",
    "description": "An improper neutralization of crlf sequences ('crlf injection') in Fortinet FortiMail 7.6.0 through 7.6.3, FortiMail 7.4.0 through 7.4.5, FortiMail 7.2 all versions, FortiMail 7.0 all versions may allow an attacker to inject headers in the response via convincing a user to click on a specifically crafted link",
    "published": "2025-11-18T17:01:15.406Z",
    "modified": "2025-11-18T17:01:15.406Z",
    "type": "cve",
    "title": "CVE-2025-54972",
    "source": "fortinet",
    "references": "https://fortiguard.fortinet.com/psirt/FG-IR-25-634",
    "id": "CVE-2025-54972",
    "bulletinFamily": "",
    "cwe": [
        "CWE-93"
    ],
    "cvelist": null,
    "sourceData": "Fortinet FortiMail 7.6.0\nFortinet FortiMail 7.4.0\nFortinet FortiMail 7.2.0\nFortinet FortiMail 7.0.0",
    "sourceHref": "",
    "cvss": {
        "score": 3.9,
        "severity": "LOW",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "FortiMail",
    "version": "7.6.0",
    "vendor": "Fortinet",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}