Fortinet SQLi Hits FortiAnalyzer, FortiManager

/HIGH
SCW vulnerabilitycvehigh-severitysql-injectioncwe-89
Fortinet SQLi Hits FortiAnalyzer, FortiManager

The National Vulnerability Database (NVD) recently disclosed CVE-2025-61848, a high-severity SQL injection vulnerability impacting a wide range of Fortinet products. Specifically, this flaw affects FortiAnalyzer and FortiManager, including their cloud variants, across multiple versions (7.6.0-7.6.4, 7.4.0-7.4.8, and all versions of 7.2 and 7.0).

This vulnerability, classified under CWE-89, could allow a privileged, authenticated attacker to execute unauthorized code or commands. The attack vector leverages the JSON RPC API, making it a critical concern for organizations relying on these Fortinet platforms for their security operations and network management. The NVD assigns a CVSS score of 7.2 (HIGH), underscoring the potential for significant impact if exploited. Given the administrative nature of these products, a successful compromise could grant an attacker deep access and control over an organization’s security infrastructure.

Related ATT&CK Techniques

T1190 Exploit Public-Facing Application Initial Access T1505.003 Server Software Component: API Execution Initial Access T1189 Drive-by Compromise Initial Access

🛡️ Detection Rules

6 rules · 5 SIEM formats

6 auto-generated detection rules for this incident, mapped to MITRE ATT&CK. Available in Sigma, Splunk SPL, Sentinel KQL, Elastic Lucene, and QRadar AQL.

high T1190 Initial Access

Web Application Exploitation Attempt — CVE-2025-61848

Sigma Splunk SPL Sentinel KQL Elastic QRadar AQL

Get this rule in your SIEM's native format — copy, paste, detect. No manual conversion.

6 Sigma rules mapped to the ATT&CK techniques from this breach — pick your SIEM and get a ready-to-paste query.

Get Detection Rules →

Indicators of Compromise

IDTypeIndicator
CVE-2025-61848 SQLi Fortinet FortiAnalyzer versions 7.6.0 through 7.6.4, 7.4.0 through 7.4.8, 7.2 all versions, 7.0 all versions
CVE-2025-61848 SQLi Fortinet FortiAnalyzer Cloud versions 7.6.0 through 7.6.4, 7.4.0 through 7.4.8, 7.2 all versions, 7.0 all versions
CVE-2025-61848 SQLi Fortinet FortiManager versions 7.6.0 through 7.6.4, 7.4.0 through 7.4.8, 7.2 all versions, 7.0 all versions
CVE-2025-61848 SQLi Fortinet FortiManager Cloud versions 7.6.0 through 7.6.4, 7.4.0 through 7.4.8, 7.2 all versions, 7.0 all versions
CVE-2025-61848 Code Injection JSON RPC API via improper neutralization of special elements in SQL command

By Shimi's Cyber World Editorial

Related Posts

Critical RCE Flaw Hits NuGet Gallery Backend

CVE-2026-39399 — NuGet Gallery is a package repository that powers nuget.org. A security vulnerability exists in the NuGetGallery backend job’s handling of .nuspec files within...

vulnerabilityCVEcriticalhigh-severityremote-code-executioncwe-20cwe-22
/CRITICAL /⚑ 4 IOCs

BoidCMS LFI to RCE: A Critical Template Flaw

CVE-2026-39387 — BoidCMS is an open-source, PHP-based flat-file CMS for building simple websites and blogs, using JSON as its database. Versions prior to 2.1.3 are...

vulnerabilityCVEhigh-severityremote-code-executioncwe-98
/HIGH /⚑ 4 IOCs

Nanobot AI: WebSocket Hijack Puts WhatsApp Sessions at Risk

CVE-2026-35589 — nanobot is a personal AI assistant. Versions prior to 0.1.5 contain a Cross-Site WebSocket Hijacking (CSWSH) vulnerability exists in the bridge's WebSocket server...

vulnerabilityCVEhigh-severitycwe-1385
/HIGH /⚑ 5 IOCs