Cyber Resilience

CVE-2025-61848

High

Published: 14 April 2026
Modified: 20 April 2026
KEV Added: not listed
Patch: available (see vendor advisory)
CVSS Score (v3.1): 7.2 (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0004 (12.7th percentile)
Risk Priority: 14 (weighted 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-61848 is a high-severity SQL Injection (CWE-89) vulnerability in Fortinet FortiAnalyzer. Its CVSS base score is 7.2 (High).

Operationally, exploitation maps to the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The EPSS exploit-likelihood estimate places it at the 12.7th percentile (below the median), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 RA-5 (Vulnerability Monitoring and Scanning) and SI-10 (Information Input Validation).

Deeper analysis

CVE-2025-61848 is an SQL injection vulnerability (CWE-89) stemming from improper neutralization of special elements used in an SQL command. It affects multiple versions of Fortinet FortiAnalyzer, including 7.6.0 through 7.6.4, 7.4.0 through 7.4.8, 7.2 all versions, and 7.0 all versions, as well as the corresponding FortiAnalyzer Cloud versions. The vulnerability also impacts FortiManager 7.6.0 through 7.6.4, 7.4.0 through 7.4.8, 7.2 all versions, and 7.0 all versions, including FortiManager Cloud editions.

A privileged authenticated attacker can exploit this vulnerability over the network via the JSON RPC API with low complexity and no user interaction required. Successful exploitation enables execution of unauthorized code or commands, leading to high confidentiality, integrity, and availability impacts, as reflected in the CVSS v3.1 base score of 7.2 (AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).

The Fortinet product security incident response team advisory at https://fortiguard.fortinet.com/psirt/FG-IR-26-111 provides details on mitigation and available patches.


Vulnerability details

An improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.4, FortiAnalyzer 7.4.0 through 7.4.8, FortiAnalyzer 7.2 all versions, FortiAnalyzer 7.0 all versions, FortiAnalyzer Cloud 7.6.0 through 7.6.4, FortiAnalyzer Cloud 7.4.0 through 7.4.8, FortiAnalyzer Cloud 7.2 all versions, FortiAnalyzer Cloud 7.0 all versions, FortiManager 7.6.0 through 7.6.4, FortiManager 7.4.0 through 7.4.8, FortiManager 7.2 all versions, FortiManager 7.0 all versions, FortiManager Cloud 7.6.0 through 7.6.4, FortiManager Cloud 7.4.0 through 7.4.8, FortiManager Cloud 7.2 all versions, FortiManager Cloud 7.0 all versions may allow a privileged authenticated attacker to execute unauthorized code or commands via the JSON RPC API.

CWE(s)

CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Related Threats

MITRE ATT&CK Enterprise Techniques

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

An SQL injection reachable through the network-accessible JSON RPC API of FortiManager and FortiAnalyzer is a direct instance of exploiting a public-facing management application to execute unauthorized code or commands.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2024-35276 (same product: Fortinet FortiAnalyzer)
CVE-2024-35275 (same product: Fortinet FortiAnalyzer)
CVE-2024-40584 (same product: Fortinet FortiAnalyzer)
CVE-2024-50563 (same product: Fortinet FortiAnalyzer)
CVE-2025-49784 (same product: Fortinet FortiAnalyzer)
CVE-2026-22828 (same product: Fortinet FortiAnalyzer Cloud)
CVE-2024-35277 (same product: Fortinet FortiManager)
CVE-2024-36512 (same product: Fortinet FortiAnalyzer)
CVE-2024-33502 (same product: Fortinet FortiAnalyzer)
CVE-2026-22572 (same product: Fortinet FortiAnalyzer)

Affected Assets

Fortinet FortiAnalyzer: 7.0.0 — 7.4.9 · 7.6.0 — 7.6.5
Fortinet FortiAnalyzer Cloud: 7.0.0 — 7.4.9 · 7.6.0 — 7.6.5
Fortinet FortiManager: 7.0.0 — 7.4.9 · 7.6.0 — 7.6.5
Fortinet FortiManager Cloud: 7.0.0 — 7.4.9 · 7.6.0 — 7.6.5

Mitigating Controls (NIST 800-53 r5)

Prevent · SI-10 (Information Input Validation): Directly requires validation and neutralization of special elements in JSON RPC API inputs, which is the root cause of the SQL injection described in this CVE.

Prevent: Mandates timely identification, reporting, and patching of the SQL injection flaw in the FortiAnalyzer and FortiManager versions noted in the CVE.

Detect · RA-5 (Vulnerability Monitoring and Scanning): Requires vulnerability scanning to identify SQL injection vulnerabilities such as CVE-2025-61848 in affected Fortinet products before they are exploited.
