CSIRTS // UNIFIED SECURITY ADVISORY FEEDSYS ● ONLINE · POWERED BY INTELFUSIONS.COM

CVE-2025-61848

unknowncovered by 1 sourcefirst seen 2026-04-14
CVSSv3 Score: 6.8 An improper neutralization of special elements used in an SQL command ('SQL injection') [CWE-89] in FortiAnalyzer, FortiAnalyzer Cloud, FortiManager and FortiManager Cloud may allow an authenticated privileged attacker to execute unauthorized code or commands via crafted requests. Revised on 2026-04-14 00:00:00

CSIRTS triage

What
Authenticated privileged attackers may execute unauthorized SQL commands via crafted requests.
Who is affected
Authenticated privileged users of the specified Fortinet products.
Urgency
Remediation is urgent due to the potential for database compromise.
Action
Apply security updates to mitigate SQL injection risks.

AI-assisted analysis generated from the source advisory — verify against the original.

⚡ Watch CVE-2025-61848

Get an email if CVE-2025-61848 is added to CISA KEV, gains public exploit code, or a new advisory cites it — max one per day, one-click unsubscribe.

Exploitation outlook

Advisory coverage (1)

External references

NVD record for CVE-2025-61848

CVE.org record

Embed the live status

CVE-2025-61848 live status badge — this badge updates automatically when the KEV or exploit status changes. How to embed it →

[![CVE-2025-61848 status](https://www.csirts.com/badge/CVE-2025-61848)](https://www.csirts.com/cve/CVE-2025-61848)