CVE-2025-59922

Published Jan 13, 2026

Last updated 3 months ago

CVSS high 7.2

Overview

Description
An improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability [CWE-89] vulnerability in Fortinet FortiClientEMS 7.4.3 through 7.4.4, FortiClientEMS 7.4.0 through 7.4.1, FortiClientEMS 7.2.0 through 7.2.10, FortiClientEMS 7.0 all versions may allow an authenticated attacker with at least read-only admin permission to execute unauthorized SQL code or commands via crafted HTTP or HTTPs requests.
Source
psirt@fortinet.com
NVD status
Analyzed
Products
forticlientems

Risk scores

CVSS 3.1

Type
Secondary
Base score
7.2
Impact score
5.9
Exploitability score
1.2
Vector string
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Severity
HIGH

Weaknesses

psirt@fortinet.com
CWE-89

Social media

Hype score
Not currently trending

  1. CVE-2025-59922: CVE-2025-59922: When 'Read-Only' Means 'Root-Owns-You' in FortiClientEMS A critical SQL Injection vulnerability in Fortinet FortiClientEMS allows low-privileged, read-only administrators to execute arbitrary SQL commands. Because Forti... https://t.co/4eZ0XDPdpT

    @_cvereports

    16 Jan 2026

    7 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. Fortinet Forticlient EMS RCE CVE-2025-59922 and one IMG tag to rule them all https://t.co/BByxUHra0z https://t.co/2OFopW3gDg

    @secharvesterx

    14 Jan 2026

    105 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. Fortinet Forticlient EMS RCE CVE-2025-59922 and one IMG tag to rule them all https://t.co/LzWdhJ7Cbi

    @_r_netsec

    14 Jan 2026

    1875 Impressions

    6 Retweets

    11 Likes

    6 Bookmarks

    0 Replies

    1 Quote

  4. CVE-2025-59922 SQL Injection in Fortinet FortiClientEMS Versions 7.0-7.4.4 via Authenticated Request https://t.co/vqPjCsw75A

    @VulmonFeeds

    13 Jan 2026

    2 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  5. CVE-2025-59922 An improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability [CWE-89] vulnerability in Fortinet FortiClientEMS 7.4.3 through … https://t.co/HZpxEoiVFu

    @CVEnew

    13 Jan 2026

    135 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

Configurations

Related CVEs

  1. Fortinet FortiClient EMS Improper Access Control VulnerabilityCVE-2026-35616
  2. An improper neutralization of special elements used in an sql command ('sql injection') vulnerability in Fortinet FortiClientEMS 7.4.4 may allow an unauthenticated attacker to execute unauthorized code or commands via specifically crafted HTTP requests.CVE-2026-21643
  3. An improper authentication vulnerability [CWE-287] in Fortinet FortiClientEMS version 7.4.0 and before 7.2.4 allows an unauthenticated attacker with the knowledge of the targeted user's FCTUID and VDOM to perform operations such as uploading or tagging on behalf of the targeted user via specially crafted TCP requests.CVE-2024-32119
  4. A Relative Path Traversal vulnerability [CWE-23] in FortiClientEMS 7.4.0 through 7.4.1 and FortiClientEMS Cloud 7.4.0 through 7.4.1 may allow a remote unauthenticated attacker to perform a limited arbitrary file write on the system via upload requests.CVE-2025-22859
  5. An improper neutralization of input during web page generation ('Cross-site Scripting') [CWE-79] vulnerability in Fortinet FortiClient before 7.4.1 may allow the EMS administrator to send messages containing javascript code.CVE-2025-22855

References

Sources include official advisories and independent security research.