{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2025-61848","assignerOrgId":"6abe59d8-c742-4dff-8ce8-9b0ca1073da8","state":"PUBLISHED","assignerShortName":"fortinet","dateReserved":"2025-10-01T18:21:09.224Z","datePublished":"2026-04-14T15:38:24.009Z","dateUpdated":"2026-04-15T03:58:25.023Z"},"containers":{"cna":{"affected":[{"vendor":"Fortinet","product":"FortiManager","cpes":["cpe:2.3:o:fortinet:fortimanager:7.6.3:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:7.6.2:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:7.6.1:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:7.6.0:*:*:*:*:*:*:*"],"defaultStatus":"unaffected","versions":[{"versionType":"semver","version":"7.6.0","lessThanOrEqual":"7.6.3","status":"affected"}]},{"vendor":"Fortinet","product":"FortiAnalyzer","cpes":["cpe:2.3:o:fortinet:fortianalyzer:7.6.3:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortianalyzer:7.6.2:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortianalyzer:7.6.1:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortianalyzer:7.6.0:*:*:*:*:*:*:*"],"defaultStatus":"unaffected","versions":[{"versionType":"semver","version":"7.6.0","lessThanOrEqual":"7.6.3","status":"affected"}]},{"vendor":"Fortinet","product":"FortiManager Cloud","cpes":["cpe:2.3:a:fortinet:fortimanagercloud:7.6.4:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortimanagercloud:7.6.3:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortimanagercloud:7.6.2:*:*:*:*:*:*:*"],"defaultStatus":"unaffected","versions":[{"versionType":"semver","version":"7.6.2","lessThanOrEqual":"7.6.4","status":"affected"}]},{"vendor":"Fortinet","product":"FortiAnalyzer Cloud","cpes":["cpe:2.3:a:fortinet:fortianalyzercloud:7.6.3:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortianalyzercloud:7.6.2:*:*:*:*:*:*:*"],"defaultStatus":"unaffected","versions":[{"versionType":"semver","version":"7.6.2","lessThanOrEqual":"7.6.3","status":"affected"}]}],"descriptions":[{"lang":"en","value":"An improper neutralization of special elements used in an sql command ('sql injection') vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.4, FortiAnalyzer 7.4.0 through 7.4.8, FortiAnalyzer 7.2 all versions, FortiAnalyzer 7.0 all versions, FortiAnalyzer Cloud 7.6.0 through 7.6.4, FortiAnalyzer Cloud 7.4.0 through 7.4.8, FortiAnalyzer Cloud 7.2 all versions, FortiAnalyzer Cloud 7.0 all versions, FortiManager 7.6.0 through 7.6.4, FortiManager 7.4.0 through 7.4.8, FortiManager 7.2 all versions, FortiManager 7.0 all versions, FortiManager Cloud 7.6.0 through 7.6.4, FortiManager Cloud 7.4.0 through 7.4.8, FortiManager Cloud 7.2 all versions, FortiManager Cloud 7.0 all versions may allow a privileged authenticated attacker to execute unauthorized code or commands via JSON RPC API"}],"providerMetadata":{"orgId":"6abe59d8-c742-4dff-8ce8-9b0ca1073da8","shortName":"fortinet","dateUpdated":"2026-04-14T15:38:24.009Z"},"problemTypes":[{"descriptions":[{"lang":"en","cweId":"CWE-89","description":"Execute unauthorized code or commands","type":"CWE"}]}],"metrics":[{"format":"CVSS","cvssV3_1":{"version":"3.1","attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":6.8,"baseSeverity":"MEDIUM","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"HIGH","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C"}}],"solutions":[{"lang":"en","value":"Upgrade to upcoming  FortiManager version 8.0.0 or above\nUpgrade to FortiManager version 7.6.5 or above\nUpgrade to FortiManager version 7.4.9 or above\nUpgrade to FortiAnalyzer version 7.6.5 or above\nUpgrade to FortiAnalyzer version 7.4.9 or above\nUpgrade to FortiAnalyzer Cloud version 7.6.4 or above\nUpgrade to FortiManager Cloud version 7.6.5 or above"}],"references":[{"name":"https://fortiguard.fortinet.com/psirt/FG-IR-26-111","url":"https://fortiguard.fortinet.com/psirt/FG-IR-26-111"}]},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2026-04-14T00:00:00+00:00","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"total"}],"role":"CISA Coordinator","version":"2.0.3","id":"CVE-2025-61848"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2026-04-15T03:58:25.023Z"}}]}}