PT-2025-47360 · Fortinet · Fortimail

Published 2025-11-18 · Updated 2025-11-19 · CVE-2025-54972

CVSS v2.0: 5.0 (Medium)

Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N
Name of the Vulnerable Software and Affected Versions

- Fortinet FortiMail versions 7.0 through 7.2
- Fortinet FortiMail versions 7.4.0 through 7.4.5
- Fortinet FortiMail versions 7.6.0 through 7.6.3

Description

Fortinet FortiMail does not properly handle carriage return and line feed (CRLF) sequences in user-supplied input, so an attacker can inject arbitrary headers into the application's HTTP responses. Exploitation requires convincing a user to click a specially crafted link. Because the affected input is not sanitized, the injected headers may be used for further malicious purposes.

Recommendations

- FortiMail versions prior to 7.6.4: update to 7.6.4.
- FortiMail versions prior to 7.4.6: update to 7.4.6.
- FortiMail versions prior to 7.2.1: update to 7.2.1.
- FortiMail versions prior to 7.0.1: update to 7.0.1.

Fix

Weakness Enumeration

Related Identifiers

BDU:2025-14871
CVE-2025-54972

Affected Products

Fortimail