CVE-2025-24474

CWE-89 — SQL Injection CWE-120 — Classic Buffer Overflow5 documents5 sources

Severity

2.7LOW

EPSS

0.0%

top 86.47%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Fortinet Fortianalyzer Fortinet Fortianalyzer Cloud Fortinet Fortimanager +1 more

Timeline

PublishedJul 8

Description

An Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability [CWE-89] in FortiManager 7.6.0 through 7.6.1, 7.4.0 through 7.4.6, 7.2 all versions, 7.0 all versions, 6.4 all versions; FortiManager Cloud 7.4.1 through 7.4.6, 7.2 all versions, 7.0 all versions, 6.4 all versions; FortiAnalyzer 7.6.0 through 7.6.1, 7.4.0 through 7.4.6, 7.2 all versions, 7.0 all versions, 6.4 all versions; and FortiAnalyzer Cloud 7.4.1 through 7.4.6, 7.2 all versions, 7.0 all ve…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:NExploitability: 1.2 | Impact: 1.4

Affected Packages6 packages

▶NVDfortinet/fortimanager_cloud6.4.1 — 7.4.7

▶NVDfortinet/fortianalyzer_cloud6.4.1 — 7.4.7

▶NVDfortinet/fortimanager6.4.0 — 7.4.7+1

▶NVDfortinet/fortianalyzer6.4.0 — 7.4.7+1

▶CVEListV5fortinet/fortimanager7.6.0 — 7.6.1+4

🔴Vulnerability Details

CVEList

CVE-2025-24474: An Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability [CWE-89] in FortiManager 7↗2025-07-08

▶

GHSA

GHSA-h86m-jj8c-794w: An Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability [CWE-89] in FortiManager 7↗2025-07-08

▶

📋Vendor Advisories

Fortinet

SQL injection in forward module↗2025-07-08

▶

Microsoft

QEMU before 8.2.0 has an integer underflow and resultant buffer overflow via a TI command when an expected non-DMA transfer length is less than the length of the available FIFO data. This occurs in es↗2024-02-13

▶