CVE-2025-53681

Name of the Vulnerable Software and Affected Versions FortiMail versions 7.6.0 through 7.6.3 FortiMail versions 7.4.0 through 7.4.5 FortiMail versions 7.2.0 through 7.2.8

Description Improper neutralization of special elements used in an SQL command allows an authenticated privileged attacker to execute unauthorized code or commands via specifically crafted HTTP or HTTPS requests. This is an SQL Injection, which occurs when an application fails to properly sanitize user input, allowing an attacker to interfere with the queries that an application makes to its database.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.