CVE-2025-61886

EUVD-2025-209455 | Severity: MEDIUM
2026-04-14 | Vendor: fortinet | GHSA-pr8g-5jxw-8fhj
CVSS 3.1 base score: 5.4

CVSS Vector (NVD)

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Confidentiality: Low
Integrity: Low
Availability: None

Lifecycle Timeline

Analysis Generated: Apr 14, 2026 - 17:05 (vuln.today)
CVSS Changed: Apr 14, 2026 - 16:22 (NVD), from 4.9 (MEDIUM) to 5.4 (MEDIUM)

Description (NVD)

An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability [CWE-79] in Fortinet FortiSandbox 5.0.0 through 5.0.4 and FortiSandbox PaaS 5.0.0 through 5.0.4 may allow an attacker to perform an XSS attack via crafted HTTP requests.

Analysis (AI)

Reflected cross-site scripting (XSS) in Fortinet FortiSandbox and FortiSandbox PaaS versions 5.0.0 through 5.0.4 allows unauthenticated remote attackers to inject script into the web interface's responses via crafted HTTP requests. Exploitation requires user interaction (a victim clicking a crafted link); a successful attack can lead to session hijacking, credential theft, or malware delivery to administrators who access the FortiSandbox web interface. No public exploit code or active exploitation had been confirmed at the time of analysis.

Technical Context (AI)

FortiSandbox is Fortinet's file sandboxing and threat analysis platform, deployed in security infrastructure to isolate and detonate suspicious files. The vulnerability lies in the web application's input validation layer during HTTP request processing: user-supplied parameters are reflected into HTML responses without proper output encoding or sanitization. This is a classic reflected XSS (CWE-79: Improper Neutralization of Input During Web Page Generation), where the application fails to escape HTML metacharacters, allowing an attacker to break out of the data context and inject arbitrary JavaScript. The affected CPE products (cpe:2.3:a:fortinet:fortisandbox:*:*:*:*:*:*:*:* and cpe:2.3:a:fortinet:fortisandbox_paas:*:*:*:*:*:*:*:*) indicate that the vulnerability spans both on-premises FortiSandbox deployments and the cloud-hosted PaaS variant, both of which are critical in enterprise threat detection workflows.

Affected Products (AI)

Fortinet FortiSandbox versions 5.0.0 through 5.0.4 (CPE: cpe:2.3:a:fortinet:fortisandbox:*:*:*:*:*:*:*:*) and Fortinet FortiSandbox PaaS versions 5.0.0 through 5.0.4 (CPE: cpe:2.3:a:fortinet:fortisandbox_paas:*:*:*:*:*:*:*:*) are affected. Details are available in the Fortinet security advisory at https://fortiguard.fortinet.com/psirt/FG-IR-26-109.

Remediation (AI)

Upgrade FortiSandbox and FortiSandbox PaaS to version 5.0.5 or later as released by Fortinet. Organizations unable to upgrade immediately should restrict web interface access to trusted networks via firewall rules, disable remote management if it is not required, and monitor access logs for suspicious HTTP requests that carry script tags or HTML entities in parameters. For cloud-hosted PaaS deployments, contact Fortinet Support to confirm the patching status of your tenant. Detailed remediation guidance is available at https://fortiguard.fortinet.com/psirt/FG-IR-26-109.


CVE-2025-61886 vulnerability details – vuln.today
