CVE-2025-24474: 
Fortinet FortiManager vulnerability analysis and mitigation

CVE-2025-24474 is an SQL Injection vulnerability discovered in FortiManager and FortiAnalyzer products. The vulnerability was initially disclosed on July 8, 2025, affecting multiple versions of FortiManager (7.6.0 through 7.6.1, 7.4.0 through 7.4.6, and all versions of 7.2, 7.0, 6.4), FortiManager Cloud (7.4.1 through 7.4.6, and all versions of 7.2, 7.0, 6.4), FortiAnalyzer (7.6.0 through 7.6.1, 7.4.0 through 7.4.6, and all versions of 7.2, 7.0, 6.4), and FortiAnalyzer Cloud (7.4.1 through 7.4.6, and all versions of 7.2, 7.0, 6.4) (Fortinet Advisory, NVD).

The vulnerability is classified as an Improper Neutralization of Special Elements used in an SQL Command (CWE-89). It received a CVSS v3.1 Base Score of 2.7 (Low) with the vector string CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N, indicating network accessibility with low attack complexity but requiring high privileges (NVD).

The vulnerability allows an authenticated attacker with high privileges to extract database information through crafted requests. The impact is primarily limited to data confidentiality, with no direct impact on system integrity or availability (Fortinet Advisory).

Fortinet has released patches to address this vulnerability. Users of affected versions are advised to upgrade to the following versions: FortiAnalyzer/FortiManager 7.6.x should upgrade to version 7.6.2 or above, 7.4.x should upgrade to version 7.4.7 or above, and users of versions 7.2, 7.0, and 6.4 should migrate to a fixed release. FortiAnalyzer/FortiManager Cloud users should follow the same upgrade path (Fortinet Advisory).

The vulnerability was internally discovered and reported by Jaguar Perlas of Fortinet Burnaby InfoSec team, demonstrating Fortinet's commitment to internal security research and responsible disclosure (Fortinet Advisory).