CVE-2025-59922

Details

An improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability [CWE-89] vulnerability in Fortinet FortiClientEMS 7.4.3 through 7.4.4, FortiClientEMS 7.4.0 through 7.4.1, FortiClientEMS 7.2.0 through 7.2.10, FortiClientEMS 7.0 all versions may allow an authenticated attacker with at least read-only admin permission to execute unauthorized SQL code or commands via crafted HTTP or HTTPs requests.

Affected Packages

Windows:10240FortiClient

Windows:14393FortiClient

Windows:17763FortiClient

Windows:18362FortiClient

Windows:18363FortiClient

Windows:19041FortiClient

Windows:19042FortiClient

Windows:19043FortiClient

Windows:19044FortiClient

Windows:19045FortiClient

Windows:20348FortiClient

Windows:22000FortiClient

Windows:22621FortiClient

Windows:22631FortiClient

Windows:25398FortiClient

Windows:26100FortiClient

Windows:26200FortiClient

References

ADVISORYhttps://fortiguard.fortinet.com/psirt/FG-IR-25-735 ADVISORYhttps://www.cve.org/CVERecord?id=CVE-2025-59922

CVE-2025-59922

Details

Affected Packages

References

Aliases

CVSS Analysis

Weakness Type (CWE)

Ecosystems

Timeline