PT-2026-24231 · Fortinet · Fortianalyzer-Bigdata+1

Published: 2026-03-10 · Updated: 2026-03-17 · CVE-2025-49784

CVSS v2.0: 9.0 (High)
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Fortinet FortiAnalyzer versions 6.2 through 7.6.4
Fortinet FortiAnalyzer-BigData versions 6.2 through 7.6.0
Fortinet FortiAnalyzer-BigData versions 7.4.0 through 7.4.4

Description

This issue involves an improper neutralization of special elements within SQL commands, commonly known as SQL injection. An authenticated attacker could potentially execute unauthorized code or commands by sending specifically crafted requests. The vulnerability exists in Fortinet FortiAnalyzer and Fortinet FortiAnalyzer-BigData.

Recommendations

Fortinet FortiAnalyzer version 6.2 should be updated.
Fortinet FortiAnalyzer versions 6.3 and 6.4 should be updated.
Fortinet FortiAnalyzer version 7.0 should be updated.
Fortinet FortiAnalyzer version 7.2 should be updated.
Fortinet FortiAnalyzer versions 7.4.0 through 7.4.7 should be updated.
Fortinet FortiAnalyzer versions 7.6.0 through 7.6.4 should be updated.
Fortinet FortiAnalyzer-BigData version 6.2 should be updated.
Fortinet FortiAnalyzer-BigData version 7.0 should be updated.
Fortinet FortiAnalyzer-BigData version 7.2 should be updated.
Fortinet FortiAnalyzer-BigData versions 7.4.0 through 7.4.4 should be updated.
Fortinet FortiAnalyzer-BigData version 7.6.0 should be updated.

Fix

SQL injection

Weakness Enumeration

Related Identifiers

BDU:2026-05208
CVE-2025-49784

Affected Products

Fortianalyzer
Fortianalyzer-Bigdata