Vulnerability Details CVE-2025-52436
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability [CWE-79] vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.1, FortiSandbox 4.4.0 through 4.4.7, FortiSandbox 4.2 all versions, FortiSandbox 4.0 all versions may allow an unauthenticated attacker to execute commands via crafted requests.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 35.0%
CVSS Severity
CVSS v3 Score 8.8
Products affected by CVE-2025-52436
-
cpe:2.3:a:fortinet:fortisandbox:4.0.0
-
cpe:2.3:a:fortinet:fortisandbox:4.0.1
-
cpe:2.3:a:fortinet:fortisandbox:4.0.2
-
cpe:2.3:a:fortinet:fortisandbox:4.0.3
-
cpe:2.3:a:fortinet:fortisandbox:4.0.4
-
cpe:2.3:a:fortinet:fortisandbox:4.0.5
-
cpe:2.3:a:fortinet:fortisandbox:4.0.6
-
cpe:2.3:a:fortinet:fortisandbox:4.1.0
-
cpe:2.3:a:fortinet:fortisandbox:4.2.0
-
cpe:2.3:a:fortinet:fortisandbox:4.2.1
-
cpe:2.3:a:fortinet:fortisandbox:4.2.2
-
cpe:2.3:a:fortinet:fortisandbox:4.2.3
-
cpe:2.3:a:fortinet:fortisandbox:4.2.4
-
cpe:2.3:a:fortinet:fortisandbox:4.2.5
-
cpe:2.3:a:fortinet:fortisandbox:4.2.6
-
cpe:2.3:a:fortinet:fortisandbox:4.2.7
-
cpe:2.3:a:fortinet:fortisandbox:4.2.8
-
cpe:2.3:a:fortinet:fortisandbox:4.4.0
-
cpe:2.3:a:fortinet:fortisandbox:4.4.1
-
cpe:2.3:a:fortinet:fortisandbox:4.4.2
-
cpe:2.3:a:fortinet:fortisandbox:4.4.3
-
cpe:2.3:a:fortinet:fortisandbox:4.4.4
-
cpe:2.3:a:fortinet:fortisandbox:4.4.5
-
cpe:2.3:a:fortinet:fortisandbox:4.4.6
-
cpe:2.3:a:fortinet:fortisandbox:4.4.7
-
cpe:2.3:a:fortinet:fortisandbox:5.0.0
-
cpe:2.3:a:fortinet:fortisandbox:5.0.1