ZDI-26-048
HIGH 8.8
Published: Jan 28, 2026
Fortinet FortiSandbox fortisandbox Server-Side Request Forgery Remote Code Execution Vulnerability
Fortinet
Fortinet FortiSandbox contains a high-severity information disclosure vulnerability (CVE-2025-67685, CVSS 8.8) that allows authenticated remote attackers to access sensitive data on vulnerable systems. An attacker with valid credentials can exploit this flaw to expose confidential information, though the advisory does not specify which data is at risk. Security teams should prioritize patching affected FortiSandbox installations and review access controls to limit who can authenticate to these systems.