CVE-2025-52436 — Vulnetix

Try Vulnetix Request Demo

CVE-2025-52436 PUBLISHED CVSS 5.199999809265137 MEDIUM

An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability [CWE-79] vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.1, FortiSandbox 4.4.0 through 4.4.7, FortiSandbox 4.2 all versions, FortiSandbox 4.0 all versions may allow an unauthenticated attacker to execute commands via crafted requests.

EPSS 0.27% · 50.1th percentile

Risk Scores

CVSS v3.1

5.199999809265137

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N/E:P/RL:O/RC:C

EPSS Score

0.27%

50.1th percentile

Affected Products

Vendor	Product	Versions
fortinet	fortisandbox	4.0.0, 5.0.0
Fortinet	FortiOS	6.4.3, 7.4.0, 7.0.0

Timeline

Jun 16, 2025 CVE ID Reserved
Feb 10, 2026 CVE Published
Feb 11, 2026 EPSS Score
Feb 11, 2026 PoC Published
Feb 12, 2026 EPSS Score
Feb 14, 2026 EPSS Score
Feb 15, 2026 EPSS Score
Feb 17, 2026 EPSS Score
Feb 18, 2026 EPSS Score
Feb 20, 2026 EPSS Score
Feb 21, 2026 EPSS Score
Feb 23, 2026 EPSS Score

References

https://www.fortiguard.com/psirt/FG-IR-25-795 advisory
https://www.fortiguard.com/psirt/FG-IR-25-934 advisory
https://www.fortiguard.com/psirt/FG-IR-25-1052 advisory
https://www.fortiguard.com/psirt/FG-IR-25-384 advisory
https://www.fortiguard.com/psirt/FG-IR-25-093 advisory
https://www.fortiguard.com/psirt/FG-IR-25-661 advisory
https://www.fortiguard.com/psirt/FG-IR-25-528 advisory
https://www.fortiguard.com/psirt/FG-IR-25-667 advisory
https://fortiguard.fortinet.com/psirt/FG-IR-25-667 url
https://fortiguard.fortinet.com/psirt/FG-IR-25-093 advisory
https://nvd.nist.gov/vuln/detail/CVE-2025-52436 advisory

Open in Interactive Console →