An improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability [CWE-89] vulnerability in Fortinet FortiClientEMS 7.4.3 through 7.4.4, FortiClientEMS 7.4.0 through 7.4.1, FortiClientEMS 7.2.0 through 7.2.10, FortiClientEMS 7.0 all versions may allow an authenticated attacker with at least read-only admin permission to execute unauthorized SQL code or commands via crafted HTTP or HTTPs requests.
Metrics
Affected Vendors & Products
Advisories
No advisories yet.
Fixes
Solution
Upgrade to FortiClientEMS version 7.4.5 or above Upgrade to FortiClientEMS version 7.2.12 or above
Workaround
No workaround given by the vendor.
References
| Link | Providers |
|---|---|
| https://fortiguard.fortinet.com/psirt/FG-IR-25-735 |
|
History
Tue, 13 Jan 2026 16:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | An improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability [CWE-89] vulnerability in Fortinet FortiClientEMS 7.4.3 through 7.4.4, FortiClientEMS 7.4.0 through 7.4.1, FortiClientEMS 7.2.0 through 7.2.10, FortiClientEMS 7.0 all versions may allow an authenticated attacker with at least read-only admin permission to execute unauthorized SQL code or commands via crafted HTTP or HTTPs requests. | |
| First Time appeared |
Fortinet
Fortinet forticlientems |
|
| Weaknesses | CWE-89 | |
| CPEs | cpe:2.3:a:fortinet:forticlientems:7.0.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientems:7.0.10:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientems:7.0.11:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientems:7.0.12:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientems:7.0.13:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientems:7.0.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientems:7.0.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientems:7.0.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientems:7.0.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientems:7.0.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientems:7.0.6:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientems:7.0.7:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientems:7.0.8:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientems:7.0.9:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientems:7.2.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientems:7.2.10:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientems:7.2.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientems:7.2.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientems:7.2.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientems:7.2.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientems:7.2.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientems:7.2.6:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientems:7.2.7:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientems:7.2.8:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientems:7.2.9:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientems:7.4.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientems:7.4.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientems:7.4.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientems:7.4.4:*:*:*:*:*:*:* |
|
| Vendors & Products |
Fortinet
Fortinet forticlientems |
|
| References |
| |
| Metrics |
cvssV3_1
|
Projects
Sign in to view the affected projects.
MITRE
Status: PUBLISHED
Assigner: fortinet
Published:
Updated: 2026-01-13T16:32:28.715Z
Reserved: 2025-09-23T12:51:54.672Z
Link: CVE-2025-59922
Vulnrichment
No data.
NVD
Status : Received
Published: 2026-01-13T17:15:58.147
Modified: 2026-01-13T17:15:58.147
Link: CVE-2025-59922
Redhat
No data.
OpenCVE Enrichment
No data.
Weaknesses