Fortinet FortiMail CRLF Header Injection Vulnerability

Vulnerability

A CRLF header injection vulnerability has been identified in Fortinet FortiMail versions 7.6.0 through 7.6.3, 7.4.0 through 7.4.5, all 7.2 versions, and all 7.0 versions. The vulnerability allows an attacker to inject headers into the response by convincing a user to click on a specially crafted link.
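To make the mechanism concrete, the following added example (written for this page; it is not Fortinet code and does not reflect FortiMail's actual request handling) builds a redirect response from a link parameter two ways: once by copying the value verbatim, and once through a builder that rejects control characters. The `next` parameter, the hostname and the injected header name are all constructed for the demonstration.

```python
"""
Added example, not code from Fortinet or FortiMail.

Shows why a CR/LF pair in an attacker-controlled value lets a single header
turn into two, and how a hardened header builder refuses such values.
The `next` parameter, the host mail.example.test and the X-Injected header
are hypothetical and constructed for this demonstration.
"""
from urllib.parse import parse_qs, urlsplit

CRLF = "\r\n"

# Constructed sample link: the `next` value carries a percent-encoded CRLF
# followed by text shaped like a second header line.
CONSTRUCTED_LINK = (
    "https://mail.example.test/login?next=/inbox%0d%0aX-Injected:%20yes"
)


def next_param_from_link(link: str) -> str:
    """Extract and percent-decode the hypothetical `next` query parameter."""
    query = parse_qs(urlsplit(link).query)
    return query.get("next", [""])[0]


def naive_redirect_response(next_url: str) -> str:
    """Vulnerable pattern: an untrusted value is placed in a header verbatim."""
    return "HTTP/1.1 302 Found" + CRLF + "Location: " + next_url + CRLF + CRLF


class HeaderInjectionError(ValueError):
    """Raised when a header value contains characters that end a header line."""


def safe_header_value(value: str) -> str:
    """Reject CR, LF and NUL outright instead of silently stripping them.

    Rejecting is preferable to stripping: a stripped value may still be
    wrong, and a rejection is easy to log and alert on.
    """
    if any(ch in value for ch in ("\r", "\n", "\x00")):
        raise HeaderInjectionError("control character in header value")
    return value


def hardened_redirect_response(next_url: str) -> str:
    """Same redirect, but every header value passes through safe_header_value."""
    return (
        "HTTP/1.1 302 Found" + CRLF
        + "Location: " + safe_header_value(next_url) + CRLF
        + CRLF
    )


def parse_response_headers(raw: str) -> dict:
    """Parse a raw HTTP response head into {lower-case name: value}.

    Used here to show what a client would actually see after the split.
    """
    head, _, _body = raw.partition(CRLF + CRLF)
    headers = {}
    for line in head.split(CRLF)[1:]:  # skip the status line
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return headers


def link_carries_crlf(link: str) -> bool:
    """Detection helper: does any decoded query value contain CR or LF?

    Suitable for checking access-log URLs or as a request-time gate.
    """
    for values in parse_qs(urlsplit(link).query, keep_blank_values=True).values():
        if any("\r" in v or "\n" in v for v in values):
            return True
    return False


if __name__ == "__main__":
    value = next_param_from_link(CONSTRUCTED_LINK)
    print("naive   :", parse_response_headers(naive_redirect_response(value)))
    try:
        hardened_redirect_response(value)
    except HeaderInjectionError as exc:
        print("hardened:", exc)
    print("detected:", link_carries_crlf(CONSTRUCTED_LINK))
```

With the constructed link, the naive builder yields a response whose parsed headers contain both `location` and `x-injected`, while the hardened builder raises before any header is emitted; `link_carries_crlf` flags the same link from the URL alone, which is the check a defender would run over logs or at the edge.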

Impact

Exploitation of this vulnerability could allow unauthorized headers to be injected into the response, potentially enabling various forms of response manipulation or further exploitation, depending on which header is injected.

Remediation

Users can upgrade to Fortinet FortiMail 7.6.4 or above. FortiMail users on versions 7.4.0 through 7.4.5 should upgrade to the upcoming 7.4.6 or above. Users on FortiMail 7.2 or 7.0 should migrate to a fixed release.

Added: Nov 18, 2025, 5:27 PM
Updated: Nov 18, 2025, 5:27 PM

Vulnerability Rating

Custom Algorithm
spread: 3.4
impact: 0.6
exploitability: 6.5
remediation: 7.7
relevance: 1.1
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.