CVE-2025-49784

CWE-89 — SQL Injection5 documents5 sources

Severity

7.2HIGH

EPSS

0.1%

top 83.52%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Fortinet Fortianalyzer Fortinet Fortianalyzer BIG Data Fortinet Fortianalyzer-bigdata

Timeline

PublishedMar 10

Description

An improper neutralization of special elements used in an sql command ('sql injection') vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.4, FortiAnalyzer 7.4.0 through 7.4.7, FortiAnalyzer 7.2 all versions, FortiAnalyzer 7.0 all versions, FortiAnalyzer 6.4 all versions, FortiAnalyzer-BigData 7.6.0, FortiAnalyzer-BigData 7.4.0 through 7.4.4, FortiAnalyzer-BigData 7.2 all versions, FortiAnalyzer-BigData 7.0 all versions, FortiAnalyzer-BigData 6.4 all versions, FortiAnalyzer-BigData 6.2 al…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:LExploitability: 1.2 | Impact: 4.7

Affected Packages4 packages

▶NVDfortinet/fortianalyzer_big_data6.2.1 — 7.4.5+1

▶CVEListV5fortinet/fortianalyzer-bigdata7.6.0

▶NVDfortinet/fortianalyzer6.4.0 — 7.4.8+1

▶CVEListV5fortinet/fortianalyzer7.6.0 — 7.6.3

🔴Vulnerability Details

GHSA

GHSA-qg7h-qvr4-3q4p: An improper neutralization of special elements used in an sql command ('sql injection') vulnerability in Fortinet FortiAnalyzer 7↗2026-03-10

▶

CVEList

CVE-2025-49784: An improper neutralization of special elements used in an sql command ('sql injection') vulnerability in Fortinet FortiAnalyzer 7↗2026-03-10

▶

📋Vendor Advisories

Fortinet

SQL injection in jsonrpc api↗2026-03-10

▶

🕵️Threat Intelligence

Wiz

CVE-2025-49784 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶