CVE-2025-54972

🔶 medium

Summary

An improper neutralization of crlf sequences ('crlf injection') vulnerability in Fortinet FortiMail 7.6.0 through 7.6.3, FortiMail 7.4.0 through 7.4.5, FortiMail 7.2 all versions, FortiMail 7.0 all versions may allow an attacker to inject headers in the response via convincing a user to click on a specifically crafted link

CVSS Score

4.3

Medium

EPSS Score

0.1

Exploit Probability

Published Date

2025-11-18

First Seen: 2026-01-05

📊 Relative Risk Intelligence

This CVE is Lower Risk - more severe than 5.4% of all 326,604 vulnerabilities in our database.

#308,897

Below average severity

Severity Percentile

🎯 CISA SSVC Assessment Updated: Nov 19, 2025

🔍 Exploitation Status

None

No known exploits

⚙️ Automatable

Requires human interaction

💥 Technical Impact

Partial

Limited system impact

SSVC data provided by CISA

Last Modified 2026-01-14

Source NVD 🔗

CVSS Vector 3.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

CWE IDs (Weakness Types)

CWE-93

📦 Affected Products 2

Vendor	Product	Status	Affected Versions
fortinet	fortimail	Affected	≥ 7.0.0 < 7.4.6
fortinet	fortimail	Affected	≥ 7.6.0 < 7.6.4

🔗 References 1

https://fortiguard.fortinet.com/psirt/FG-IR-25-634

Vendor Advisory

🔗 Related CVEs 6

CVE ID	Severity	CVSS	EPSS	Summary	Published
CVE-2025-53681	⚠️ high	7.2	0.0	An improper neutralization of special elements used in an SQL Command ("SQL Injection&") vulnerability [CWE-89] vulnerab...	2026-05-12
CVE-2025-55717	🔶 medium	4.0	0.0	A cleartext storage of sensitive information vulnerability [CWE-312] vulnerability in Fortinet FortiMail 7.6.0 through 7...	2026-03-10
CVE-2024-47569	🔶 medium	4.3	0.0	A insertion of sensitive information into sent data vulnerability in Fortinet FortiMail 7.4.0 through 7.4.2, FortiMail 7...	2025-10-14
CVE-2024-40588	🔶 medium	4.4	0.0	Multiple relative path traversal vulnerabilities [CWE-23] vulnerability in Fortinet FortiCamera 2.1 all versions, FortiC...	2025-08-12
CVE-2025-32756	⛔ critical	9.8	33.1	A stack-based buffer overflow vulnerability [CWE-121] vulnerability in Fortinet FortiCamera 2.1.0 through 2.1.3, FortiCa...	2025-05-13
CVE-2023-33302	🔶 medium	4.7	0.4	A buffer copy without checking size of input ('classic buffer overflow') in Fortinet FortiMail webmail and administrati...	2025-03-31

These CVEs affect the same products