CVE-2025-61848
Published: 14 April 2026
Summary
CVE-2025-61848 is a high-severity SQL injection (CWE-89) vulnerability in Fortinet FortiAnalyzer. Its CVSS base score is 7.2 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). It is ranked in the 11.1 percentile for exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 RA-5 (Vulnerability Monitoring and Scanning) and SI-10 (Information Input Validation).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5) [AI-generated]
- SI-10 (Information Input Validation): directly requires validation and neutralization of special elements in JSON RPC API inputs to prevent the SQL injection exploitation described in this CVE.
- Mandates timely identification, reporting, and patching of the SQL injection flaw affecting the FortiAnalyzer and FortiManager versions noted in the CVE.
- RA-5 (Vulnerability Monitoring and Scanning): requires vulnerability scanning to identify SQL injection vulnerabilities like CVE-2025-61848 in affected Fortinet products before exploitation.
MITRE ATT&CK Enterprise Techniques [AI-generated]
- T1190 Exploit Public-Facing Application
Why these techniques?
SQL injection in the network-accessible JSON RPC API of FortiManager/FortiAnalyzer directly enables exploitation of a public-facing management application for unauthorized code or command execution.
NVD Description
An improper neutralization of special elements used in an sql command ('sql injection') vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.4, FortiAnalyzer 7.4.0 through 7.4.8, FortiAnalyzer 7.2 all versions, FortiAnalyzer 7.0 all versions, FortiAnalyzer Cloud 7.6.0 through 7.6.4, FortiAnalyzer Cloud 7.4.0 through 7.4.8, FortiAnalyzer Cloud 7.2 all versions, FortiAnalyzer Cloud 7.0 all versions, FortiManager 7.6.0 through 7.6.4, FortiManager 7.4.0 through 7.4.8, FortiManager 7.2 all versions, FortiManager 7.0 all versions, FortiManager Cloud 7.6.0 through 7.6.4, FortiManager Cloud 7.4.0 through 7.4.8, FortiManager Cloud 7.2 all versions, FortiManager Cloud 7.0 all versions may allow a privileged authenticated attacker to execute unauthorized code or commands via JSON RPC API.
Deeper analysis [AI-generated]
CVE-2025-61848 is an SQL injection vulnerability (CWE-89) stemming from improper neutralization of special elements used in an SQL command. It affects multiple versions of Fortinet FortiAnalyzer, including 7.6.0 through 7.6.4, 7.4.0 through 7.4.8, 7.2 all versions, and 7.0 all versions, as well as the corresponding FortiAnalyzer Cloud versions. The vulnerability also impacts FortiManager 7.6.0 through 7.6.4, 7.4.0 through 7.4.8, 7.2 all versions, and 7.0 all versions, including FortiManager Cloud editions.
A privileged authenticated attacker can exploit this vulnerability over the network via the JSON RPC API with low complexity and no user interaction required. Successful exploitation enables execution of unauthorized code or commands, leading to high confidentiality, integrity, and availability impacts, as reflected in the CVSS v3.1 base score of 7.2 (AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).
The Fortinet product security incident response team advisory at https://fortiguard.fortinet.com/psirt/FG-IR-26-111 provides details on mitigation and available patches.
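The flaw class the analysis describes, reduced to a hypothetical JSON-RPC method (`events.query`) over a small log table, as an added example that is not Fortinet's code and says nothing about FortiAnalyzer internals: the vulnerable handler builds SQL from RPC params, the hardened one validates inputs (the SI-10 control above), binds the value as a parameter and allow-lists the sort identifier, which cannot be bound. The table schema and method name are constructed for the example.

```python
import json
import sqlite3

# Constructed in-memory event table standing in for an analyzer's log store.
def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE events (id INTEGER PRIMARY KEY, device TEXT, severity TEXT)")
    db.executemany("INSERT INTO events (device, severity) VALUES (?, ?)",
                   [("fw-edge-1", "high"), ("fw-edge-2", "low"), ("fw-core-1", "high")])
    return db

# Identifiers (the ORDER BY column) cannot be bound as parameters, so they need an allow-list.
ALLOWED_SORT = {"id", "device", "severity"}

def query_events_vulnerable(db, params):
    # Builds the statement from caller-supplied JSON RPC params (CWE-89): a quote in
    # 'device' or an expression in 'sort' becomes part of the SQL that runs.
    sql = (f"SELECT id FROM events WHERE device = '{params['device']}' "
           f"ORDER BY {params.get('sort', 'id')}")
    return [row[0] for row in db.execute(sql)]

def query_events_hardened(db, params):
    # Validate inputs up front, bind the value, allow-list the identifier.
    device = params.get("device")
    if not isinstance(device, str) or not 0 < len(device) <= 64:
        raise ValueError("invalid device")
    sort = params.get("sort", "id")
    if sort not in ALLOWED_SORT:
        raise ValueError("invalid sort field")
    sql = f"SELECT id FROM events WHERE device = ? ORDER BY {sort}"
    return [row[0] for row in db.execute(sql, (device,))]

def rpc_request(req_id, params, method="events.query"):
    # Helper to build a JSON-RPC 2.0 request body (hypothetical method name).
    return json.dumps({"jsonrpc": "2.0", "id": req_id, "method": method, "params": params})

def handle_rpc(db, raw, handler):
    # Minimal JSON-RPC 2.0 dispatch: parse, route, and map validation failures to -32602.
    req = json.loads(raw)
    reply = {"jsonrpc": "2.0", "id": req.get("id")}
    if req.get("jsonrpc") != "2.0" or req.get("method") != "events.query":
        reply["error"] = {"code": -32601, "message": "method not found"}
        return reply
    try:
        reply["result"] = handler(db, req.get("params", {}))
    except ValueError as exc:
        reply["error"] = {"code": -32602, "message": str(exc)}
    return reply
```

With a device value containing a quote, the vulnerable handler returns every row while the hardened one returns nothing, since the bound value is compared literally; an unexpected sort field is rejected before any SQL is built.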
Details
- CWE(s)