
PEACH
Un framework di isolamento del tenant
CVE-2025-54972 is a CRLF Header Injection vulnerability (CWE-93) in the Fortinet FortiMail webmail user GUI that allows an unauthenticated attacker to inject arbitrary HTTP headers into server responses by convincing a user to click a specially crafted link. It affects FortiMail 7.6.0 through 7.6.3, 7.4.0 through 7.4.5, all versions of 7.2, and all versions of 7.0; FortiMail 8.0 is not affected. The vulnerability was internally discovered and reported by Jaguar Perlas from the Fortinet Infosec team, with initial publication on November 18, 2025. It carries a CVSSv3 base score of 4.3 (Medium) per NVD and 3.9 (Low) per Fortinet's own advisory (FortiGuard Advisory, Red Hat CVE).
The root cause is improper neutralization of CRLF sequences (CWE-93) in the FortiMail webmail user GUI component. An attacker crafts a malicious URL containing CRLF characters (%0D%0A) that, when clicked by a victim, causes the FortiMail server to include attacker-controlled content in HTTP response headers. This is a social-engineering-dependent, network-accessible attack requiring no authentication and no elevated privileges, but does require user interaction (clicking the crafted link). The attack vector is network-based with low complexity, and exploitation is limited to integrity impact — specifically, the ability to inject arbitrary response headers (FortiGuard Advisory).
Successful exploitation allows an attacker to inject arbitrary HTTP headers into responses served to the victim user, which can facilitate secondary attacks such as HTTP response splitting, cache poisoning, cross-site scripting (via injected headers), or session fixation. The confidentiality impact is none and availability impact is none; only a low integrity impact is assessed. The attack scope is limited to the affected user's session and the FortiMail webmail interface, with no direct path to lateral movement or data exfiltration from this vulnerability alone (FortiGuard Advisory, Red Hat CVE).
%0D%0A) in a parameter that is reflected into HTTP response headers without sanitization.Set-Cookie, Location, or custom headers).%0D%0A, %0D, %0A) in query parameters or path components.Set-Cookie or Location headers in FortiMail webmail responses that were not generated by normal application logic.Fortinet has released patched versions to address this vulnerability: upgrade FortiMail 7.6.x to 7.6.4 or above, and upgrade FortiMail 7.4.x to 7.4.6 or above. Users running FortiMail 7.2 (all versions) or 7.0 (all versions) should migrate to a fixed release, as no patch will be issued for those branches. No configuration-based workaround is documented; upgrading to a fixed version is the recommended remediation (FortiGuard Advisory).
The CIS (Center for Internet Security) included this vulnerability in a broader advisory covering multiple Fortinet product vulnerabilities in November 2025 (CIS Advisory). Given the low severity rating and absence of known exploitation, the vulnerability has not generated significant community discussion or media coverage beyond standard vulnerability tracking and aggregation sites.
Fonte: Questo report è stato generato utilizzando l'intelligenza artificiale
Valutazione gratuita delle vulnerabilità
Valuta le tue pratiche di sicurezza cloud in 9 domini di sicurezza per confrontare il tuo livello di rischio e identificare le lacune nelle tue difese.
Richiedi una demo personalizzata
"La migliore esperienza utente che abbia mai visto offre piena visibilità ai carichi di lavoro cloud."
"Wiz fornisce un unico pannello di controllo per vedere cosa sta succedendo nei nostri ambienti cloud."
"Sappiamo che se Wiz identifica qualcosa come critico, in realtà lo è."