{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-61848", "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "state": "PUBLISHED", "assignerShortName": "fortinet", "dateReserved": "2025-10-01T18:21:09.224Z", "datePublished": "2026-04-14T15:38:24.009Z", "dateUpdated": "2026-04-15T03:58:25.023Z"}, "containers": {"cna": {"affected": [{"vendor": "Fortinet", "product": "FortiManager", "cpes": ["cpe:2.3:o:fortinet:fortimanager:7.6.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.6.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.6.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.6.0:*:*:*:*:*:*:*"], "defaultStatus": "unaffected", "versions": [{"versionType": "semver", "version": "7.6.0", "lessThanOrEqual": "7.6.3", "status": "affected"}]}, {"vendor": "Fortinet", "product": "FortiAnalyzer", "cpes": ["cpe:2.3:o:fortinet:fortianalyzer:7.6.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.6.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.6.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.6.0:*:*:*:*:*:*:*"], "defaultStatus": "unaffected", "versions": [{"versionType": "semver", "version": "7.6.0", "lessThanOrEqual": "7.6.3", "status": "affected"}]}, {"vendor": "Fortinet", "product": "FortiManager Cloud", "cpes": ["cpe:2.3:a:fortinet:fortimanagercloud:7.6.4:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortimanagercloud:7.6.3:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortimanagercloud:7.6.2:*:*:*:*:*:*:*"], "defaultStatus": "unaffected", "versions": [{"versionType": "semver", "version": "7.6.2", "lessThanOrEqual": "7.6.4", "status": "affected"}]}, {"vendor": "Fortinet", "product": "FortiAnalyzer Cloud", "cpes": ["cpe:2.3:a:fortinet:fortianalyzercloud:7.6.3:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortianalyzercloud:7.6.2:*:*:*:*:*:*:*"], "defaultStatus": "unaffected", "versions": [{"versionType": "semver", "version": "7.6.2", "lessThanOrEqual": "7.6.3", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "An improper neutralization of special elements used in an sql command ('sql injection') vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.4, FortiAnalyzer 7.4.0 through 7.4.8, FortiAnalyzer 7.2 all versions, FortiAnalyzer 7.0 all versions, FortiAnalyzer Cloud 7.6.0 through 7.6.4, FortiAnalyzer Cloud 7.4.0 through 7.4.8, FortiAnalyzer Cloud 7.2 all versions, FortiAnalyzer Cloud 7.0 all versions, FortiManager 7.6.0 through 7.6.4, FortiManager 7.4.0 through 7.4.8, FortiManager 7.2 all versions, FortiManager 7.0 all versions, FortiManager Cloud 7.6.0 through 7.6.4, FortiManager Cloud 7.4.0 through 7.4.8, FortiManager Cloud 7.2 all versions, FortiManager Cloud 7.0 all versions may allow a privileged authenticated attacker to execute unauthorized code or commands via JSON RPC API"}], "providerMetadata": {"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "shortName": "fortinet", "dateUpdated": "2026-04-14T15:38:24.009Z"}, "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-89", "description": "Execute unauthorized code or commands", "type": "CWE"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"version": "3.1", "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C"}}], "solutions": [{"lang": "en", "value": "Upgrade to upcoming FortiManager version 8.0.0 or above\nUpgrade to FortiManager version 7.6.5 or above\nUpgrade to FortiManager version 7.4.9 or above\nUpgrade to FortiAnalyzer version 7.6.5 or above\nUpgrade to FortiAnalyzer version 7.4.9 or above\nUpgrade to FortiAnalyzer Cloud version 7.6.4 or above\nUpgrade to FortiManager Cloud version 7.6.5 or above"}], "references": [{"name": "https://fortiguard.fortinet.com/psirt/FG-IR-26-111", "url": "https://fortiguard.fortinet.com/psirt/FG-IR-26-111"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-14T00:00:00+00:00", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3", "id": "CVE-2025-61848"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-15T03:58:25.023Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-61848", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-04-14T16:18:13.242317Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-14T16:36:57.861Z"}}], "cna": {"metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.8, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}}], "affected": [{"cpes": ["cpe:2.3:o:fortinet:fortimanager:7.6.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.6.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.6.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.6.0:*:*:*:*:*:*:*"], "vendor": "Fortinet", "product": "FortiManager", "versions": [{"status": "affected", "version": "7.6.0", "versionType": "semver", "lessThanOrEqual": "7.6.3"}], "defaultStatus": "unaffected"}, {"cpes": ["cpe:2.3:o:fortinet:fortianalyzer:7.6.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.6.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.6.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortianalyzer:7.6.0:*:*:*:*:*:*:*"], "vendor": "Fortinet", "product": "FortiAnalyzer", "versions": [{"status": "affected", "version": "7.6.0", "versionType": "semver", "lessThanOrEqual": "7.6.3"}], "defaultStatus": "unaffected"}, {"cpes": ["cpe:2.3:a:fortinet:fortimanagercloud:7.6.4:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortimanagercloud:7.6.3:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortimanagercloud:7.6.2:*:*:*:*:*:*:*"], "vendor": "Fortinet", "product": "FortiManager Cloud", "versions": [{"status": "affected", "version": "7.6.2", "versionType": "semver", "lessThanOrEqual": "7.6.4"}], "defaultStatus": "unaffected"}, {"cpes": ["cpe:2.3:a:fortinet:fortianalyzercloud:7.6.3:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortianalyzercloud:7.6.2:*:*:*:*:*:*:*"], "vendor": "Fortinet", "product": "FortiAnalyzer Cloud", "versions": [{"status": "affected", "version": "7.6.2", "versionType": "semver", "lessThanOrEqual": "7.6.3"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "Upgrade to upcoming FortiManager version 8.0.0 or above\nUpgrade to FortiManager version 7.6.5 or above\nUpgrade to FortiManager version 7.4.9 or above\nUpgrade to FortiAnalyzer version 7.6.5 or above\nUpgrade to FortiAnalyzer version 7.4.9 or above\nUpgrade to FortiAnalyzer Cloud version 7.6.4 or above\nUpgrade to FortiManager Cloud version 7.6.5 or above"}], "references": [{"url": "https://fortiguard.fortinet.com/psirt/FG-IR-26-111", "name": "https://fortiguard.fortinet.com/psirt/FG-IR-26-111"}], "descriptions": [{"lang": "en", "value": "An improper neutralization of special elements used in an sql command ('sql injection') vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.4, FortiAnalyzer 7.4.0 through 7.4.8, FortiAnalyzer 7.2 all versions, FortiAnalyzer 7.0 all versions, FortiAnalyzer Cloud 7.6.0 through 7.6.4, FortiAnalyzer Cloud 7.4.0 through 7.4.8, FortiAnalyzer Cloud 7.2 all versions, FortiAnalyzer Cloud 7.0 all versions, FortiManager 7.6.0 through 7.6.4, FortiManager 7.4.0 through 7.4.8, FortiManager 7.2 all versions, FortiManager 7.0 all versions, FortiManager Cloud 7.6.0 through 7.6.4, FortiManager Cloud 7.4.0 through 7.4.8, FortiManager Cloud 7.2 all versions, FortiManager Cloud 7.0 all versions may allow a privileged authenticated attacker to execute unauthorized code or commands via JSON RPC API"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-89", "description": "Execute unauthorized code or commands"}]}], "providerMetadata": {"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "shortName": "fortinet", "dateUpdated": "2026-04-14T15:38:24.009Z"}}}, "cveMetadata": {"cveId": "CVE-2025-61848", "state": "PUBLISHED", "dateUpdated": "2026-04-15T03:58:25.023Z", "dateReserved": "2025-10-01T18:21:09.224Z", "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "datePublished": "2026-04-14T15:38:24.009Z", "assignerShortName": "fortinet"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "An improper neutralization of special elements used in an sql command ('sql injection') vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.4, FortiAnalyzer 7.4.0 through 7.4.8, FortiAnalyzer 7.2 all versions, FortiAnalyzer 7.0 all versions, FortiAnalyzer Cloud 7.6.0 through 7.6.4, FortiAnalyzer Cloud 7.4.0 through 7.4.8, FortiAnalyzer Cloud 7.2 all versions, FortiAnalyzer Cloud 7.0 all versions, FortiManager 7.6.0 through 7.6.4, FortiManager 7.4.0 through 7.4.8, FortiManager 7.2 all versions, FortiManager 7.0 all versions, FortiManager Cloud 7.6.0 through 7.6.4, FortiManager Cloud 7.4.0 through 7.4.8, FortiManager Cloud 7.2 all versions, FortiManager Cloud 7.0 all versions may allow a privileged authenticated attacker to execute unauthorized code or commands via JSON RPC API"}], "id": "CVE-2025-61848", "lastModified": "2026-04-14T16:16:31.610", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "psirt@fortinet.com", "type": "Secondary"}]}, "published": "2026-04-14T16:16:31.610", "references": [{"source": "psirt@fortinet.com", "url": "https://fortiguard.fortinet.com/psirt/FG-IR-26-111"}], "sourceIdentifier": "psirt@fortinet.com", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-89"}], "source": "psirt@fortinet.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[7.6.0,7.6.3]"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "FortiAnalyzer", "source": "cna", "vendor": "Fortinet"}, "product": "fortianalyzer", "vendor": "fortinet"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[7.6.2,7.6.4]"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "FortiAnalyzer Cloud", "source": "cna", "vendor": "Fortinet"}, "product": "fortianalyzer_cloud", "vendor": "fortinet"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[7.6.2,7.6.4]"}}], "enrichment": {"confidence": 95.0, "confidence_source": "inferred", "scores": [{"score": 95.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "product": "fortianalyzercloud", "vendor": "fortinet"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[7.6.0,7.6.3]"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "FortiManager", "source": "cna", "vendor": "Fortinet"}, "product": "fortimanager", "vendor": "fortinet"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[7.6.2,7.6.4]"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "FortiManager Cloud", "source": "cna", "vendor": "Fortinet"}, "product": "fortimanager_cloud", "vendor": "fortinet"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[7.6.2,7.6.4]"}}], "enrichment": {"confidence": 95.0, "confidence_source": "inferred", "scores": [{"score": 95.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "product": "fortimanagercloud", "vendor": "fortinet"}], "analysis": {"en": {"generated_at": "2026-04-14T18:11:48.330385+00:00", "value": {"mitigation_remediation": ["Upgrade FortiManager to version\u202f8.0.0 or above", "Upgrade FortiManager to version\u202f7.6.5 or above", "Upgrade FortiManager to version\u202f7.4.9 or above", "Upgrade FortiAnalyzer to version\u202f7.6.5 or above", "Upgrade FortiAnalyzer to version\u202f7.4.9 or above", "Upgrade FortiAnalyzer Cloud to version\u202f7.6.4 or above", "Upgrade FortiManager Cloud to version\u202f7.6.5 or above"], "summary": {"action": "Apply patch", "impact": "SQL injection allowing code execution"}, "threat_synthesis": {"affected_systems": "The vulnerability is present in Fortinet FortiAnalyzer, FortiAnalyzer Cloud, FortiManager, and FortiManager Cloud. Affected FortiAnalyzer versions include 7.6.0 through 7.6.4, 7.4.0 through 7.4.8, all releases of 7.2 and 7.0. The same version ranges apply to FortiAnalyzer Cloud. FortiManager and FortiManager Cloud share identical affected versions, covering 7.6.0 through 7.6.4, 7.4.0 through 7.4.8, all 7.2 and 7.0 releases.", "description_and_impact": "An improper neutralization of special characters in SQL commands permits a privileged authenticated attacker to manipulate the JSON RPC API. The flaw is a classic SQL injection (CWE\u201189) that can be leveraged to execute unauthorized code or commands on the device. An attacker can read, modify, or delete data, potentially compromising the confidentiality, integrity, and availability of the management services.", "risk_and_exploitability": "The CVSS score of 6.8 indicates a moderate severity. EPSS data is not available, and the vulnerability is not listed in the CISA KEV catalog. Exploitation requires a privileged authenticated attacker who can access the JSON RPC interface, which is normally restricted to administrators. The likely attack vector is through the management API that accepts JSON RPC payloads. If an attacker gains such access, they can execute arbitrary code or commands on the device, potentially leading to full compromise of the managed network."}}}}, "created": "2026-04-15T14:41:09.655296+00:00", "title": "SQL Injection via API in FortiAnalyzer and FortiManager Allows Code Execution", "updated": "2026-04-15T15:30:06.813347+00:00", "vendors": ["fortinet", "fortinet$PRODUCT$fortianalyzer", "fortinet$PRODUCT$fortianalyzer_cloud", "fortinet$PRODUCT$fortianalyzercloud", "fortinet$PRODUCT$fortimanager", "fortinet$PRODUCT$fortimanager_cloud", "fortinet$PRODUCT$fortimanagercloud"]}