PT-2026-7272 · Fortinet · FortiSandbox

Published 2026-02-10 · Updated 2026-02-11 · CVE-2025-52436

CVSS v3.1: 10 (Critical)

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Fortinet FortiSandbox versions 5.0.0 through 5.0.1
Fortinet FortiSandbox versions 4.4.0 through 4.4.7
Fortinet FortiSandbox version 4.2
Fortinet FortiSandbox version 4.0

Description

An Improper Neutralization of Input During Web Page Generation issue exists in Fortinet FortiSandbox. This issue, identified as a Cross-site Scripting (XSS) condition, may allow an unauthenticated attacker to execute commands through crafted requests. The vulnerability affects the graphical user interface (GUI) of FortiSandbox. Successful exploitation involves injecting malicious script that, when viewed by an administrator, could lead to arbitrary command execution.

Recommendations

Fortinet FortiSandbox versions 5.0.0 through 5.0.1 should be updated.
Fortinet FortiSandbox versions 4.4.0 through 4.4.7 should be updated.
Restrict or segment GUI access until an update can be applied.
Fortinet FortiSandbox version 4.2 should be updated.
Fortinet FortiSandbox version 4.0 should be updated.

Fix

XSS

Weakness Enumeration

Related Identifiers

BDU:2026-01725
CVE-2025-52436

Affected Products

FortiSandbox