ID

VAR-202512-0954


CVE

CVE-2025-54353


TITLE

Fortinet FortiSandbox hcproxy Cross-Site Scripting Remote Code Execution Vulnerability

Trust: 0.7

sources: ZDI: ZDI-25-1098

DESCRIPTION

An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability [CWE-79] in Fortinet FortiSandbox 5.0.0 through 5.0.2, FortiSandbox 4.4.0 through 4.4.7, FortiSandbox 4.2 all versions, and FortiSandbox 4.0 all versions may allow an attacker to perform an XSS attack via crafted HTTP requests. This vulnerability allows remote attackers to execute arbitrary script in the browser of a target user of affected installations of Fortinet FortiSandbox; the "Remote Code Execution" in the ZDI title refers to this client-side script execution, not to native code execution on the appliance. Minimal user interaction is required to exploit this vulnerability, typically the target user loading a crafted request (for example by following an attacker-supplied link). The specific flaw exists within the handling of HA cluster paths. The issue results from the lack of proper validation of user-supplied data, which can lead to the injection of arbitrary script into the generated page. An attacker can leverage this vulnerability to interact with the application in the context of a target user.

Trust: 1.53

sources: NVD: CVE-2025-54353 // ZDI: ZDI-25-1098
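The pattern described above, reduced to a runnable illustration. This is an added example, not FortiSandbox or ZDI code: the hcproxy handler is not public, so the '/ha/cluster/' path prefix, the error-page layout and the probe payload are constructed assumptions. It shows the vulnerable renderer (path reflected verbatim), the hardened renderer (path HTML-encoded at output), and a reflection check a tester would apply to a response.

```python
"""Reflected XSS (CWE-79) in a path handler: vulnerable and hardened renderers.

Everything below is a constructed stand-in. The '/ha/cluster/' prefix, the
error-page layout and the probe payload are assumptions for illustration; they
are not taken from FortiSandbox or from the advisory.
"""
import html
from urllib.parse import unquote, urlsplit

# Assumed error page that echoes the requested path back to the user.
ERROR_PAGE = (
    "<html><body><h1>404</h1>"
    "<p>No such HA cluster path: {path}</p>"
    "</body></html>"
)


def requested_path(request_target: str) -> str:
    """Extract and percent-decode the path component of an HTTP request target."""
    return unquote(urlsplit(request_target).path)


def render_vulnerable(request_target: str) -> str:
    """Vulnerable: interpolates the decoded path into HTML without encoding.

    Whatever the client put in the URL becomes live markup in the response.
    """
    return ERROR_PAGE.format(path=requested_path(request_target))


def render_fixed(request_target: str) -> str:
    """Hardened: HTML-encode the untrusted path before interpolation.

    html.escape with quote=True also neutralises quotes, so the value is safe
    inside an attribute as well as in element text.
    """
    return ERROR_PAGE.format(path=html.escape(requested_path(request_target), quote=True))


def reflects_live_markup(request_target: str, render, marker: str = "<script>") -> bool:
    """Detection helper: does the response contain the probe as un-encoded markup?

    A hardened handler returns the entity-encoded form (&lt;script&gt;) instead,
    which this check deliberately does not count as reflection.
    """
    return marker in render(request_target)


# Constructed probe: a crafted request whose path carries a script tag.
PROBE = "/ha/cluster/%3Cscript%3Ealert(document.domain)%3C%2Fscript%3E"


def demo() -> dict:
    """Run the probe through both renderers and report what each reflects."""
    return {
        "vulnerable_reflects_script": reflects_live_markup(PROBE, render_vulnerable),
        "fixed_reflects_script": reflects_live_markup(PROBE, render_fixed),
        "fixed_encoded": "&lt;script&gt;" in render_fixed(PROBE),
    }


if __name__ == "__main__":
    print(demo())
```

On a live system the same test is performed against the HTTP response: send the probe in the request path and check whether the tag comes back raw or entity-encoded. Output encoding is the fix; a Content-Security-Policy that disallows inline script is a useful second layer but does not replace it.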

AFFECTED PRODUCTS

The gte/lte pairs below bound the four affected branches recorded by NVD: 4.0.0 through 4.0.6, 4.2.0 through 4.2.8, 4.4.0 through 4.4.7, and 5.0.0 through 5.0.2. The ZDI entry carries no version bounds.

vendor: fortinet  model: fortisandbox  scope: gte  version: 4.0.0

Trust: 1.0

vendor: fortinet  model: fortisandbox  scope: lte  version: 4.0.6

Trust: 1.0

vendor: fortinet  model: fortisandbox  scope: gte  version: 4.2.0

Trust: 1.0

vendor: fortinet  model: fortisandbox  scope: lte  version: 4.2.8

Trust: 1.0

vendor: fortinet  model: fortisandbox  scope: gte  version: 4.4.0

Trust: 1.0

vendor: fortinet  model: fortisandbox  scope: lte  version: 4.4.7

Trust: 1.0

vendor: fortinet  model: fortisandbox  scope: gte  version: 5.0.0

Trust: 1.0

vendor: fortinet  model: fortisandbox  scope: lte  version: 5.0.2

Trust: 1.0

vendor: fortinet  model: fortisandbox  scope: -  version: -

Trust: 0.7

sources: ZDI: ZDI-25-1098 // NVD: CVE-2025-54353

CVSS

SEVERITY

CVSSV2

CVSSV3

psirt@fortinet.com: CVE-2025-54353
value: MEDIUM

Trust: 1.0

nvd@nist.gov: CVE-2025-54353
value: MEDIUM

Trust: 1.0

ZDI: CVE-2025-54353
value: MEDIUM

Trust: 0.7

psirt@fortinet.com: CVE-2025-54353
baseSeverity: MEDIUM
baseScore: 5.4
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 2.5
version: 3.1

Trust: 1.0

nvd@nist.gov: CVE-2025-54353
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 2.7
version: 3.1

Trust: 1.0

ZDI: CVE-2025-54353
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: LOW
exploitabilityScore: 2.1
impactScore: 3.4
version: 3.0

Trust: 0.7

sources: ZDI: ZDI-25-1098 // NVD: CVE-2025-54353 // NVD: CVE-2025-54353

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.0

sources: NVD: CVE-2025-54353

PATCH

title: Fortinet has issued an update to correct this vulnerability.
url: https://fortiguard.fortinet.com/psirt/FG-IR-25-477

Trust: 0.7

sources: ZDI: ZDI-25-1098

EXTERNAL IDS

db: NVD  id: CVE-2025-54353

Trust: 1.7

db: ZDI_CAN  id: ZDI-CAN-27306

Trust: 0.7

db: ZDI  id: ZDI-25-1098

Trust: 0.7

sources: ZDI: ZDI-25-1098 // NVD: CVE-2025-54353

REFERENCES

url:https://fortiguard.fortinet.com/psirt/fg-ir-25-477

Trust: 1.7

sources: ZDI: ZDI-25-1098 // NVD: CVE-2025-54353

CREDITS

Jason McFadyen of Trend Research

Trust: 0.7

sources: ZDI: ZDI-25-1098

SOURCES

db: ZDI  id: ZDI-25-1098
db: NVD  id: CVE-2025-54353

LAST UPDATE DATE

2025-12-20T23:30:45.405000+00:00


SOURCES UPDATE DATE

db: ZDI  id: ZDI-25-1098  date: 2025-12-16T00:00:00
db: NVD  id: CVE-2025-54353  date: 2025-12-09T20:10:23.677

SOURCES RELEASE DATE

db: ZDI  id: ZDI-25-1098  date: 2025-12-16T00:00:00
db: NVD  id: CVE-2025-54353  date: 2025-12-09T18:15:53.973