CVE-2025-24474: Fortinet FortiManager and FortiAnalyzer SQL Injection Vulnerability

Fortinet has disclosed a SQL Injection vulnerability, tracked as CVE-2025-24474, affecting FortiManager and FortiAnalyzer products. A successful exploit could allow an authenticated attacker with high privileges to extract sensitive database information.

Vulnerability Details

  • CVE ID: CVE-2025-24474
  • Description: An Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability [CWE-89] exists in FortiManager and FortiAnalyzer. This flaw allows an authenticated attacker with high privileges to extract database information via crafted requests.
  • CVSS Score: 2.7 (LOW)
  • CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
  • CVSS Explanation: The Low rating follows directly from the vector. PR:H means the attacker must already hold a highly privileged (administrator-level) account on the appliance, and C:L with I:N and A:N means the outcome is limited disclosure of database contents, with no integrity or availability impact. The score does not say exploitation is hard (AC:L, UI:N); it says the barrier is the privilege needed to reach the flaw.
  • Exploit Requirements: An attacker needs to be authenticated with high-level privileges to exploit this vulnerability.

Affected Products:

  • FortiManager 7.6.0 through 7.6.1, 7.4.0 through 7.4.6, 7.2 all versions, 7.0 all versions, 6.4 all versions
  • FortiManager Cloud 7.4.1 through 7.4.6, 7.2 all versions, 7.0 all versions, 6.4 all versions
  • FortiAnalyzer 7.6.0 through 7.6.1, 7.4.0 through 7.4.6, 7.2 all versions, 7.0 all versions, 6.4 all versions
  • FortiAnalyzer Cloud 7.4.1 through 7.4.6, 7.2 all versions, 7.0 all versions, 6.4 all versions

Weakness Classification

  • CWE: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
  • CWE Explanation: SQL injection occurs when user-controlled input is spliced into the text of an SQL statement instead of being passed to the database strictly as data (for example through bound parameters). Metacharacters in the input, such as a closing quote, then change the structure of the statement, letting an attacker read data the query was never meant to return or, depending on the code path and database privileges, modify or delete it. In this case Fortinet describes the impact as data extraction only.

Timeline of Events

  • 2025-07-08: Fortinet publicly disclosed the vulnerability.

Exploitability & Real-World Risk

Because exploitation requires high privileges, the realistic path is an administrator account that has already been compromised, or a malicious insider holding one. FortiManager and FortiAnalyzer sit at the centre of a Fortinet estate, holding device configurations and collected logs, so even a limited read of their database can expose configuration data and potentially credentials or other secrets that are useful for moving further into the network. Fortinet rates the confidentiality impact as Low, so the flaw should not be read as a full database dump; the value lies in what a centrally placed appliance stores, not in the breadth of the read.

Recommendations

Apply Fortinet's fix for your release branch as soon as it is available. Because only highly privileged accounts can reach the flaw, review every administrator-level account on FortiManager and FortiAnalyzer, remove those that are not needed, and enforce least privilege for the rest. Monitor administrative sessions and system logs for unusual requests or database activity that does not match normal management traffic.

Technical Insight

The vulnerability lies in how the application builds SQL statements from values supplied in a request: the value is incorporated into the statement text rather than bound as a parameter. A crafted request can therefore alter the statement the database executes and return data the original query was not intended to expose. Fortinet has not published the affected endpoint or a proof of concept, so the specific request is not known; the pattern itself is the classic CWE-89 case.
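The following is an added illustration of the CWE-89 pattern described in the weakness explanation and in this section; it is example code written for this page and is not Fortinet's code, and the schema, table names, payload and the `events_for_device_*` functions are all constructed assumptions. It uses Python's bundled sqlite3 module to run the same lookup in its vulnerable and parameterised forms against a constructed database, so you can see how a quote in a request parameter turns a scoped lookup into a read of an unrelated table.

```python
import sqlite3

# Constructed sample schema (not Fortinet's): an 'events' table that the
# lookup is meant to query, and a 'secrets' table it was never meant to expose.
def build_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE events (id INTEGER PRIMARY KEY, device TEXT, severity TEXT);
        INSERT INTO events (device, severity) VALUES
            ('fw-edge-1', 'high'),
            ('fw-edge-2', 'low');
        CREATE TABLE secrets (id INTEGER PRIMARY KEY, name TEXT, value TEXT);
        INSERT INTO secrets (name, value) VALUES
            ('api_token', 'tok-CONSTRUCTED-0001');
    """)
    return conn


def events_for_device_vulnerable(conn, device):
    """CWE-89 pattern: the request parameter is spliced into the SQL text,
    so a quote character in it changes the structure of the statement."""
    sql = "SELECT device, severity FROM events WHERE device = '" + device + "'"
    return conn.execute(sql).fetchall()


def events_for_device_fixed(conn, device):
    """Hardened pattern: the value is bound as a parameter. The driver passes
    it as data, so it can never alter the statement the database executes."""
    sql = "SELECT device, severity FROM events WHERE device = ?"
    return conn.execute(sql, (device,)).fetchall()


# Constructed payload: closes the quoted literal, appends a UNION that reads
# the other table, and comments out the quote the code appends afterwards.
PAYLOAD = "x' UNION SELECT name, value FROM secrets --"


def demo():
    """Run both versions against the same payload and return (leaked, blocked)."""
    conn = build_db()
    leaked = events_for_device_vulnerable(conn, PAYLOAD)   # secrets row
    blocked = events_for_device_fixed(conn, PAYLOAD)       # no rows
    return leaked, blocked


if __name__ == "__main__":
    leaked, blocked = demo()
    print("vulnerable query returned:", leaked)
    print("parameterised query returned:", blocked)
```

The vulnerable version executes `... WHERE device = 'x' UNION SELECT name, value FROM secrets --'`, which returns the secrets row even though the caller only asked for events; the parameterised version treats the whole payload as a device name and returns nothing. Note that the read succeeds with whatever database privileges the application itself already has, which is why a flaw like this is scored on confidentiality alone. Escaping quote characters in the input is not the fix; binding parameters is.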

Credit to Researcher(s)

Fortinet PSIRT

Tags

#CVE-2025-24474 #Fortinet #SQLInjection #Security #Cybersecurity #Vulnerability

Summary: CVE-2025-24474 is a SQL injection vulnerability (CWE-89) in Fortinet FortiManager and FortiAnalyzer, rated CVSS 2.7 (Low). An authenticated attacker who already holds high privileges could use crafted requests to extract database information. Apply Fortinet's fix for your branch and review administrator-level accounts.
