CVEDB API

Vulnerabilities

Vulnerable Software

Fortinet: >> Forticlientems >> 7.4.1 Security Vulnerabilities

CVE-2025-59922

An improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability [CWE-89] vulnerability in Fortinet FortiClientEMS 7.4.3 through 7.4.4, FortiClientEMS 7.4.0 through 7.4.1, FortiClientEMS 7.2.0 through 7.2.10, FortiClientEMS 7.0 all versions may allow an authenticated attacker with at least read-only admin permission to execute unauthorized SQL code or commands via crafted HTTP or HTTPs requests.

CVSS Score

7.2

EPSS Score

0.001

Published

2026-01-13

CVE-2023-48786

A server-side request forgery vulnerability [CWE-918] in Fortinet FortiClientEMS version 7.4.0 through 7.4.2 and before 7.2.6 may allow an authenticated attacker to perform internal requests via crafted HTTP or HTTPS requests.

CVSS Score

4.3

EPSS Score

0.0

Published

2025-06-10

CVE-2025-22859

A Relative Path Traversal vulnerability [CWE-23] in FortiClientEMS 7.4.0 through 7.4.1 and FortiClientEMS Cloud 7.4.0 through 7.4.1 may allow a remote unauthenticated attacker to perform a limited arbitrary file write on the system via upload requests.

CVSS Score

5.3

EPSS Score

0.001

Published

2025-05-13

CVE-2025-22855

An improper neutralization of input during web page generation ('Cross-site Scripting') [CWE-79] vulnerability in Fortinet FortiClient before 7.4.1 may allow the EMS administrator to send messages containing javascript code.

CVSS Score

2.7

EPSS Score

0.0

Published

2025-04-08

Page 1

Vulnerabilities

Vulnerable Software

Fortinet: >> Forticlientems >> 7.4.1 Security Vulnerabilities

Products

Pricing

Contact Us