Latest Fortinet FortiVoice vulnerability: CVE-2025-58692
Fortinet has issued an advisory for a SQL injection vulnerability in certain versions of Fortinet FortiVoice. This vulnerability may allow a remote, authenticated adversary to inject arbitrary SQL statements through specially crafted HTTP requests. The vulnerability, designated CVE-2025-58692, is rated high with a CVSS base score of 8.8.
The following versions are affected:
- FortiVoice 7.0 versions from 7.0.0 through 7.0.7
- FortiVoice 7.2 versions from 7.2.0 through 7.2.2
What is Fortinet FortiVoice?
Fortinet FortiVoice is a Voice-over-IP (VoIP) solution that provides telephony services for enterprises.
What is the impact?
Successful exploitation of the vulnerability would allow an adversary to execute arbitrary code on the vulnerable system, potentially leading to complete system compromise.
Are updates or workarounds available?
Upgrade affected systems to the fixed versions:
- FortiVoice 7.0: update to 7.0.8 or newer
- FortiVoice 7.2: update to 7.2.3 or newer
How to find potentially vulnerable systems with runZero
From the Asset Inventory, use the following query to locate potentially impacted assets:
hw:="Fortinet%" AND type:="SIP Gateway" AND ((osversion:>"7.2.0" AND osversion:<"7.2.3") OR (osversion:>"7.0.0" AND osversion:<"7.0.8"))