VYPR
Unrated severity · NVD Advisory · Published Nov 18, 2025 · Updated Jan 14, 2026

CVE-2025-54972


Description

An improper neutralization of CRLF sequences ('CRLF injection') vulnerability in Fortinet FortiMail 7.6.0 through 7.6.3, FortiMail 7.4.0 through 7.4.5, FortiMail 7.2 all versions, and FortiMail 7.0 all versions may allow an attacker to inject headers into the response by convincing a user to click on a specially crafted link.


Affected products

  • Fortinet/Fortimail (52 versions)
    • cpe:2.3:a:fortinet:fortimail:7.6.3:*:*:*:*:*:*:* (range: 7.6.0)
    • (no CPE) range: 7.0.x, 7.2.x, 7.4.0-7.4.5, 7.6.0-7.6.3
