CVE-2025-61848SQL Injection in Fortinet Fortianalyzer

CWE-89SQL Injection4 documents4 sources
Severity
7.2HIGHNVD
EPSS
0.0%
top 91.53%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Fortinet FortianalyzerFortinet Fortianalyzer CloudFortinet Fortimanager+1 more
Timeline
PublishedApr 14

Description

An improper neutralization of special elements used in an sql command ('sql injection') vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.4, FortiAnalyzer 7.4.0 through 7.4.8, FortiAnalyzer 7.2 all versions, FortiAnalyzer 7.0 all versions, FortiAnalyzer Cloud 7.6.0 through 7.6.4, FortiAnalyzer Cloud 7.4.0 through 7.4.8, FortiAnalyzer Cloud 7.2 all versions, FortiAnalyzer Cloud 7.0 all versions, FortiManager 7.6.0 through 7.6.4, FortiManager 7.4.0 through 7.4.8, FortiManager 7.2 all versi

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 1.2 | Impact: 5.9

Affected Packages4 packages

CVEListV5fortinet/fortimanager_cloud7.6.27.6.4
CVEListV5fortinet/fortianalyzer_cloud7.6.27.6.3
CVEListV5fortinet/fortimanager7.6.07.6.3
CVEListV5fortinet/fortianalyzer7.6.07.6.3

🔴Vulnerability Details

2
GHSA
GHSA-p356-3hpr-4rhh: An improper neutralization of special elements used in an sql command ('sql injection') vulnerability in Fortinet FortiAnalyzer 72026-04-14
CVEList
CVE-2025-61848: An improper neutralization of special elements used in an sql command ('sql injection') vulnerability in Fortinet FortiAnalyzer 72026-04-14

📋Vendor Advisories

1
Fortinet
SQL Injection via JSON RPC API2026-04-14
CVE-2025-61848 — SQL Injection in Fortinet | cvebase