PT-2026-32653 · Fortinet · Fortianalyzer+3

Published: 2026-04-14 · Updated: 2026-04-19 · CVE-2025-61848

CVSS v2.0: 9.0 (High)

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

FortiAnalyzer versions 7.6.0 through 7.6.4
FortiAnalyzer versions 7.4.0 through 7.4.8
FortiAnalyzer version 7.2
FortiAnalyzer version 7.0
FortiAnalyzer Cloud versions 7.6.0 through 7.6.4
FortiAnalyzer Cloud versions 7.4.0 through 7.4.8
FortiAnalyzer Cloud version 7.2
FortiAnalyzer Cloud version 7.0
FortiManager versions 7.6.0 through 7.6.4
FortiManager versions 7.4.0 through 7.4.8
FortiManager version 7.2
FortiManager version 7.0
FortiManager Cloud versions 7.6.0 through 7.6.4
FortiManager Cloud versions 7.4.0 through 7.4.8
FortiManager Cloud version 7.2
FortiManager Cloud version 7.0

Description

An improper neutralization of special elements used in an SQL command, known as SQL injection, exists in the software. This issue may allow a privileged authenticated attacker to execute unauthorized code or commands via the 'JSON RPC API'.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

SQL injection

Weakness Enumeration

Related Identifiers

BDU:2026-05586
CVE-2025-61848

Affected Products

Fortianalyzer
Fortianalyzer Cloud
Fortimanager
Fortimanager Cloud