{"api_version":"1","generated_at":"2026-04-23T05:58:00+00:00","cve":"CVE-2025-61848","urls":{"html":"https://cve.report/CVE-2025-61848","api":"https://cve.report/api/cve/CVE-2025-61848.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2025-61848","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2025-61848"},"summary":{"title":"CVE-2025-61848","description":"An improper neutralization of special elements used in an sql command ('sql injection') vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.4, FortiAnalyzer 7.4.0 through 7.4.8, FortiAnalyzer 7.2 all versions, FortiAnalyzer 7.0 all versions, FortiAnalyzer Cloud 7.6.0 through 7.6.4, FortiAnalyzer Cloud 7.4.0 through 7.4.8, FortiAnalyzer Cloud 7.2 all versions, FortiAnalyzer Cloud 7.0 all versions, FortiManager 7.6.0 through 7.6.4, FortiManager 7.4.0 through 7.4.8, FortiManager 7.2 all versions, FortiManager 7.0 all versions, FortiManager Cloud 7.6.0 through 7.6.4, FortiManager Cloud 7.4.0 through 7.4.8, FortiManager Cloud 7.2 all versions, FortiManager Cloud 7.0 all versions may allow a privileged authenticated attacker to execute unauthorized code or commands via JSON RPC API","state":"PUBLISHED","assigner":"fortinet","published_at":"2026-04-14 16:16:31","updated_at":"2026-04-20 18:05:41"},"problem_types":["CWE-89","CWE-89 Execute unauthorized code or commands"],"metrics":[{"version":"3.1","source":"psirt@fortinet.com","type":"Secondary","score":"7.2","severity":"HIGH","vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","baseScore":7.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"}},{"version":"3.1","source":"CNA","type":"CVSS","score":"6.8","severity":"MEDIUM","vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C","data":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":6.8,"baseSeverity":"MEDIUM","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"HIGH","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C","version":"3.1"}}],"references":[{"url":"https://fortiguard.fortinet.com/psirt/FG-IR-26-111","name":"https://fortiguard.fortinet.com/psirt/FG-IR-26-111","refsource":"psirt@fortinet.com","tags":["Vendor Advisory"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2025-61848","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-61848","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"Fortinet","product":"FortiManager","version":"affected 7.6.0 7.6.3 semver","platforms":[]},{"source":"CNA","vendor":"Fortinet","product":"FortiAnalyzer","version":"affected 7.6.0 7.6.3 semver","platforms":[]},{"source":"CNA","vendor":"Fortinet","product":"FortiManager Cloud","version":"affected 7.6.2 7.6.4 semver","platforms":[]},{"source":"CNA","vendor":"Fortinet","product":"FortiAnalyzer Cloud","version":"affected 7.6.2 7.6.3 semver","platforms":[]}],"timeline":[],"solutions":[{"source":"CNA","title":"","value":"Upgrade to upcoming  FortiManager version 8.0.0 or above\nUpgrade to FortiManager version 7.6.5 or above\nUpgrade to FortiManager version 7.4.9 or above\nUpgrade to FortiAnalyzer version 7.6.5 or above\nUpgrade to FortiAnalyzer version 7.4.9 or above\nUpgrade to FortiAnalyzer Cloud version 7.6.4 or above\nUpgrade to FortiManager Cloud version 7.6.5 or above","time":"","lang":"en"}],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2025","cve_id":"61848","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"fortinet","cpe5":"fortianalyzer","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":{"cve_year":"2025","cve_id":"61848","cve":"CVE-2025-61848","epss":"0.000370000","percentile":"0.111480000","score_date":"2026-04-21","updated_at":"2026-04-22 00:07:41"},"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"metrics":[{"other":{"content":{"id":"CVE-2025-61848","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"total"}],"role":"CISA Coordinator","timestamp":"2026-04-14T00:00:00+00:00","version":"2.0.3"},"type":"ssvc"}}],"providerMetadata":{"dateUpdated":"2026-04-15T03:58:25.023Z","orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP"},"title":"CISA ADP Vulnrichment"}],"cna":{"affected":[{"cpes":["cpe:2.3:o:fortinet:fortimanager:7.6.3:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:7.6.2:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:7.6.1:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:7.6.0:*:*:*:*:*:*:*"],"defaultStatus":"unaffected","product":"FortiManager","vendor":"Fortinet","versions":[{"lessThanOrEqual":"7.6.3","status":"affected","version":"7.6.0","versionType":"semver"}]},{"cpes":["cpe:2.3:o:fortinet:fortianalyzer:7.6.3:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortianalyzer:7.6.2:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortianalyzer:7.6.1:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortianalyzer:7.6.0:*:*:*:*:*:*:*"],"defaultStatus":"unaffected","product":"FortiAnalyzer","vendor":"Fortinet","versions":[{"lessThanOrEqual":"7.6.3","status":"affected","version":"7.6.0","versionType":"semver"}]},{"cpes":["cpe:2.3:a:fortinet:fortimanagercloud:7.6.4:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortimanagercloud:7.6.3:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortimanagercloud:7.6.2:*:*:*:*:*:*:*"],"defaultStatus":"unaffected","product":"FortiManager Cloud","vendor":"Fortinet","versions":[{"lessThanOrEqual":"7.6.4","status":"affected","version":"7.6.2","versionType":"semver"}]},{"cpes":["cpe:2.3:a:fortinet:fortianalyzercloud:7.6.3:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortianalyzercloud:7.6.2:*:*:*:*:*:*:*"],"defaultStatus":"unaffected","product":"FortiAnalyzer Cloud","vendor":"Fortinet","versions":[{"lessThanOrEqual":"7.6.3","status":"affected","version":"7.6.2","versionType":"semver"}]}],"descriptions":[{"lang":"en","value":"An improper neutralization of special elements used in an sql command ('sql injection') vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.4, FortiAnalyzer 7.4.0 through 7.4.8, FortiAnalyzer 7.2 all versions, FortiAnalyzer 7.0 all versions, FortiAnalyzer Cloud 7.6.0 through 7.6.4, FortiAnalyzer Cloud 7.4.0 through 7.4.8, FortiAnalyzer Cloud 7.2 all versions, FortiAnalyzer Cloud 7.0 all versions, FortiManager 7.6.0 through 7.6.4, FortiManager 7.4.0 through 7.4.8, FortiManager 7.2 all versions, FortiManager 7.0 all versions, FortiManager Cloud 7.6.0 through 7.6.4, FortiManager Cloud 7.4.0 through 7.4.8, FortiManager Cloud 7.2 all versions, FortiManager Cloud 7.0 all versions may allow a privileged authenticated attacker to execute unauthorized code or commands via JSON RPC API"}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":6.8,"baseSeverity":"MEDIUM","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"HIGH","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C","version":"3.1"},"format":"CVSS"}],"problemTypes":[{"descriptions":[{"cweId":"CWE-89","description":"Execute unauthorized code or commands","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2026-04-14T15:38:24.009Z","orgId":"6abe59d8-c742-4dff-8ce8-9b0ca1073da8","shortName":"fortinet"},"references":[{"name":"https://fortiguard.fortinet.com/psirt/FG-IR-26-111","url":"https://fortiguard.fortinet.com/psirt/FG-IR-26-111"}],"solutions":[{"lang":"en","value":"Upgrade to upcoming  FortiManager version 8.0.0 or above\nUpgrade to FortiManager version 7.6.5 or above\nUpgrade to FortiManager version 7.4.9 or above\nUpgrade to FortiAnalyzer version 7.6.5 or above\nUpgrade to FortiAnalyzer version 7.4.9 or above\nUpgrade to FortiAnalyzer Cloud version 7.6.4 or above\nUpgrade to FortiManager Cloud version 7.6.5 or above"}]}},"cveMetadata":{"assignerOrgId":"6abe59d8-c742-4dff-8ce8-9b0ca1073da8","assignerShortName":"fortinet","cveId":"CVE-2025-61848","datePublished":"2026-04-14T15:38:24.009Z","dateReserved":"2025-10-01T18:21:09.224Z","dateUpdated":"2026-04-15T03:58:25.023Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.2"},"nvd":{"publishedDate":"2026-04-14 16:16:31","lastModifiedDate":"2026-04-20 18:05:41","problem_types":["CWE-89","CWE-89 Execute unauthorized code or commands"],"metrics":{"cvssMetricV31":[{"source":"psirt@fortinet.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","baseScore":7.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.2,"impactScore":5.9}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:*","versionStartIncluding":"7.0.0","versionEndExcluding":"7.4.9","matchCriteriaId":"FB8E4D80-6F2B-476C-AC28-981416A6C26D"},{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:*","versionStartIncluding":"7.6.0","versionEndExcluding":"7.6.5","matchCriteriaId":"00645EEE-3E67-4B98-BB49-B23AD1D60B54"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortianalyzer_cloud:*:*:*:*:*:*:*:*","versionStartIncluding":"7.0.0","versionEndExcluding":"7.4.9","matchCriteriaId":"927AF131-67C2-4DA4-9171-7C5CCA52C7F6"},{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortianalyzer_cloud:*:*:*:*:*:*:*:*","versionStartIncluding":"7.6.0","versionEndExcluding":"7.6.5","matchCriteriaId":"EFE9F8B4-3B5B-43FC-A286-11A5DFB43393"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*","versionStartIncluding":"7.0.0","versionEndExcluding":"7.4.9","matchCriteriaId":"522F42DB-51DC-4FF2-ADA1-AB3129E939CC"},{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*","versionStartIncluding":"7.6.0","versionEndExcluding":"7.6.5","matchCriteriaId":"9F4A9AA3-C6AA-428B-AE1B-61F61658D642"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortimanager_cloud:*:*:*:*:*:*:*:*","versionStartIncluding":"7.0.0","versionEndExcluding":"7.4.9","matchCriteriaId":"3EE58778-BB43-439E-887B-F6E401A2B67C"},{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortimanager_cloud:*:*:*:*:*:*:*:*","versionStartIncluding":"7.6.0","versionEndExcluding":"7.6.5","matchCriteriaId":"CBA159E6-BBE9-4630-800A-5C4B3BAF23BB"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2025","CveId":"61848","Ordinal":"1","Title":"CVE-2025-61848","CVE":"CVE-2025-61848","Year":"2025"},"notes":[{"CveYear":"2025","CveId":"61848","Ordinal":"1","NoteData":"An improper neutralization of special elements used in an sql command ('sql injection') vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.4, FortiAnalyzer 7.4.0 through 7.4.8, FortiAnalyzer 7.2 all versions, FortiAnalyzer 7.0 all versions, FortiAnalyzer Cloud 7.6.0 through 7.6.4, FortiAnalyzer Cloud 7.4.0 through 7.4.8, FortiAnalyzer Cloud 7.2 all versions, FortiAnalyzer Cloud 7.0 all versions, FortiManager 7.6.0 through 7.6.4, FortiManager 7.4.0 through 7.4.8, FortiManager 7.2 all versions, FortiManager 7.0 all versions, FortiManager Cloud 7.6.0 through 7.6.4, FortiManager Cloud 7.4.0 through 7.4.8, FortiManager Cloud 7.2 all versions, FortiManager Cloud 7.0 all versions may allow a privileged authenticated attacker to execute unauthorized code or commands via JSON RPC API","Type":"Description","Title":"CVE-2025-61848"}]}}}