Vulnerability Description
An improper neutralization of special elements used in an sql command ('sql injection') vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.4, FortiAnalyzer 7.4.0 through 7.4.7, FortiAnalyzer 7.2 all versions, FortiAnalyzer 7.0 all versions, FortiAnalyzer 6.4 all versions, FortiAnalyzer-BigData 7.6.0, FortiAnalyzer-BigData 7.4.0 through 7.4.4, FortiAnalyzer-BigData 7.2 all versions, FortiAnalyzer-BigData 7.0 all versions, FortiAnalyzer-BigData 6.4 all versions, FortiAnalyzer-BigData 6.2 all versions may allow an authenticated attacker to execute unauthorized code or commands via specifically crafted requests.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Fortinet | Fortianalyzer | >= 6.4.0, < 7.4.8 |
| Fortinet | Fortianalyzer Big Data | >= 6.2.1, < 7.4.5 |
Related Weaknesses (CWE)
References
- https://fortiguard.fortinet.com/psirt/FG-IR-26-095Vendor Advisory
FAQ
What is CVE-2025-49784?
CVE-2025-49784 is a vulnerability with a CVSS score of 6.0 (MEDIUM). An improper neutralization of special elements used in an sql command ('sql injection') vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.4, FortiAnalyzer 7.4.0 through 7.4.7, FortiAnalyzer 7....
How severe is CVE-2025-49784?
CVE-2025-49784 has been rated MEDIUM with a CVSS base score of 6.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2025-49784?
Check the references section above for vendor advisories and patch information. Affected products include: Fortinet Fortianalyzer, Fortinet Fortianalyzer Big Data.