CVE-2025-24474: An Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability [CWE-89] in FortiManager 7.6.0 through 7.6.1, 7.4.0…

low2.7CVSS 3.1

AVNACLPRHUINSUCLINAN

An Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability [CWE-89] in FortiManager 7.6.0 through 7.6.1, 7.4.0 through 7.4.6, 7.2 all versions, 7.0 all versions, 6.4 all versions; FortiManager Cloud 7.4.1 through 7.4.6, 7.2 all versions, 7.0 all versions, 6.4 all versions; FortiAnalyzer 7.6.0 through 7.6.1, 7.4.0 through 7.4.6, 7.2 all versions, 7.0 all versions, 6.4 all versions; and FortiAnalyzer Cloud 7.4.1 through 7.4.6, 7.2 all versions, 7.0 all versions, 6.4 all versions may allow an authenticated attacker with high privilege to extract database information via crafted requests.

Affected

24 ranges

Vendor	Product	Version range	Fixed in
fortinet	fortianalyzer	—	—
fortinet	fortianalyzer	>= 6.4.0 < 7.4.7	7.4.7
fortinet	fortianalyzer	6.4.0 – 6.4.15	—
fortinet	fortianalyzer	7.0.0 – 7.0.14	—
fortinet	fortianalyzer	7.2.0 – 7.2.10	—
fortinet	fortianalyzer	7.4.0 – 7.4.6	—
fortinet	fortianalyzer	>= 7.6.0 < 7.6.2	7.6.2
fortinet	fortianalyzer	7.6.0 – 7.6.1	—
fortinet	fortianalyzer_cloud	>= 6.4.1 < 7.4.7	7.4.7
fortinet	fortianalyzercloud	—	—
fortinet	fortimanager	—	—
fortinet	fortimanager	>= 6.4.0 < 7.4.7	7.4.7
fortinet	fortimanager	6.4.0 – 6.4.15	—
fortinet	fortimanager	7.0.0 – 7.0.14	—
fortinet	fortimanager	7.2.0 – 7.2.10	—
fortinet	fortimanager	7.4.0 – 7.4.6	—
fortinet	fortimanager	>= 7.6.0 < 7.6.2	7.6.2
fortinet	fortimanager	7.6.0 – 7.6.1	—
fortinet	fortimanager_cloud	>= 6.4.1 < 7.4.7	7.4.7
fortinet	fortimanagercloud	—	—
msrc	cbl2_qemu_6.2.0-20_on_cbl_mariner_2.0	—	—
msrc	cbl2_qemu_6.2.0-24_on_cbl_mariner_2.0	—	—
msrc	cbl_mariner_2.0_arm	—	—
msrc	cbl_mariner_2.0_x64	—	—