Introduction
Unauthorized access to enterprise voice communications and sensitive call records can have immediate operational and privacy consequences. CVE-2025-58692 demonstrates how a single flaw in Fortinet FortiVoice can provide attackers with the ability to manipulate backend databases and potentially escalate privileges, even when authentication is required.
About Fortinet and FortiVoice: Fortinet is a global cybersecurity leader with a diverse portfolio including FortiGate firewalls, FortiWeb, FortiMail, and FortiVoice. FortiVoice is Fortinet's unified communications platform, widely deployed in enterprise and critical infrastructure environments for voice, conferencing, and messaging. Fortinet products are used by thousands of organizations worldwide, making vulnerabilities in these systems significant for the broader tech industry.
Technical Information
CVE-2025-58692 is an improper neutralization of special elements used in an SQL command (CWE-89) affecting FortiVoice versions 7.2.0 through 7.2.2 and 7.0.0 through 7.0.7. The vulnerability arises from insufficient input sanitization in certain HTTP or HTTPS endpoints. Authenticated attackers can inject malicious SQL statements by crafting specific requests to the FortiVoice web interface or API. The backend database interprets these injected elements as part of the SQL logic, allowing unauthorized queries or commands to be executed.
The attack requires valid credentials, but once authenticated, an attacker can target vulnerable parameters in HTTP requests. The specific injection points are not detailed in public advisories, but the root cause is the direct concatenation of user input into SQL queries without adequate parameterization or escaping. This can lead to data exfiltration, modification of call records, privilege escalation, or in some cases, remote code execution depending on the database configuration and permissions.
Fortinet addressed the vulnerability by releasing FortiVoice 7.2.3, which includes fixes for multiple SQL injection issues as documented in the official release notes. The fixes likely involve improved input validation and the use of parameterized queries to prevent injection.
Affected Systems and Versions
- FortiVoice 7.2.0 through 7.2.2
- FortiVoice 7.0.0 through 7.0.7
All configurations of these versions are vulnerable if accessible to authenticated users. The vulnerability is resolved in FortiVoice 7.2.3 and later.
Vendor Security History
Fortinet has experienced multiple critical vulnerabilities across its product lines in recent years. Notable examples include:
- CVE-2025-25257: Unauthenticated SQL injection in FortiWeb, exploited in the wild within days of disclosure.
- CVE-2025-32756: Stack-based buffer overflow in FortiVoice and other products, confirmed exploited in the wild.
- CVE-2023-48788: Critical SQL injection in FortiClientEMS, also exploited in the wild.
The frequency of severe vulnerabilities suggests ongoing challenges in secure development and code review, though Fortinet typically releases advisories and patches promptly after discovery.
