{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2025-64156","assignerOrgId":"6abe59d8-c742-4dff-8ce8-9b0ca1073da8","state":"PUBLISHED","assignerShortName":"fortinet","dateReserved":"2025-10-28T12:26:50.750Z","datePublished":"2025-12-09T17:18:45.540Z","dateUpdated":"2026-02-26T16:57:01.257Z"},"containers":{"cna":{"affected":[{"vendor":"Fortinet","product":"FortiVoice","cpes":["cpe:2.3:a:fortinet:fortivoice:7.2.1:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortivoice:7.2.0:*:*:*:*:*:*:*"],"defaultStatus":"unaffected","versions":[{"versionType":"semver","version":"7.2.0","lessThanOrEqual":"7.2.1","status":"affected"}]}],"descriptions":[{"lang":"en","value":"An improper neutralization of special elements used in an sql command ('sql injection') vulnerability in Fortinet FortiVoice 7.2.0 through 7.2.2, FortiVoice 7.0.0 through 7.0.7, FortiVoice 6.4 all versions, FortiVoice 6.0 all versions may allow an authenticated privileged attacker to execute unauthorized code or commands via crafted requests"}],"providerMetadata":{"orgId":"6abe59d8-c742-4dff-8ce8-9b0ca1073da8","shortName":"fortinet","dateUpdated":"2026-01-14T09:19:17.806Z"},"problemTypes":[{"descriptions":[{"lang":"en","cweId":"CWE-89","description":"Execute unauthorized code or commands","type":"CWE"}]}],"metrics":[{"format":"CVSS","cvssV3_1":{"version":"3.1","attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":6.8,"baseSeverity":"MEDIUM","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"HIGH","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:U/RC:C"}}],"solutions":[{"lang":"en","value":"Upgrade to FortiVoice version 7.2.3 or above\nUpgrade to FortiVoice version 7.0.8 or above"}],"references":[{"name":"https://fortiguard.fortinet.com/psirt/FG-IR-25-362","url":"https://fortiguard.fortinet.com/psirt/FG-IR-25-362"}]},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"id":"CVE-2025-64156","role":"CISA Coordinator","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"total"}],"version":"2.0.3","timestamp":"2025-12-10T04:57:31.437060Z"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2026-02-26T16:57:01.257Z"}}]}}