FortiAnalyzer/FortiManager SQLi via JSON RPC API (7.0-7.6.4)
CVE-2025-61848 Published on April 14, 2026
An improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.4, FortiAnalyzer 7.4.0 through 7.4.8, FortiAnalyzer 7.2 all versions, FortiAnalyzer 7.0 all versions, FortiAnalyzer Cloud 7.6.0 through 7.6.4, FortiAnalyzer Cloud 7.4.0 through 7.4.8, FortiAnalyzer Cloud 7.2 all versions, FortiAnalyzer Cloud 7.0 all versions, FortiManager 7.6.0 through 7.6.4, FortiManager 7.4.0 through 7.4.8, FortiManager 7.2 all versions, FortiManager 7.0 all versions, FortiManager Cloud 7.6.0 through 7.6.4, FortiManager Cloud 7.4.0 through 7.4.8, FortiManager Cloud 7.2 all versions, FortiManager Cloud 7.0 all versions may allow a privileged authenticated attacker to execute unauthorized code or commands via the JSON RPC API.
Vulnerability Analysis
CVE-2025-61848 is exploitable with network access, and requires user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to be very high.
Weakness Type
What is a SQL Injection Vulnerability?
The software constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.
CVE-2025-61848 has been classified as a SQL Injection vulnerability or weakness.
Products Associated with CVE-2025-61848
Affected Versions
Fortinet FortiManager:
- Version 7.6.0, <= 7.6.3 is affected.
- Version 7.6.2, <= 7.6.4 is affected.
- Version 7.6.2, <= 7.6.3 is affected.