ID

VAR-202602-1079


CVE

CVE-2025-52436


TITLE

Cross-site scripting vulnerability in Fortinet FortiSandbox

Trust: 0.8

sources: JVNDB: JVNDB-2026-004182

DESCRIPTION

An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability [CWE-79] in Fortinet FortiSandbox 5.0.0 through 5.0.1, FortiSandbox 4.4.0 through 4.4.7, FortiSandbox 4.2 all versions, and FortiSandbox 4.0 all versions may allow an unauthenticated attacker to execute commands via crafted requests. All information handled by the software may be rewritten. Furthermore, the software may stop working completely, and attacks exploiting this vulnerability may affect other software as well.

Trust: 1.62

sources: NVD: CVE-2025-52436 // JVNDB: JVNDB-2026-004182

AFFECTED PRODUCTS

vendor:fortinetmodel:fortisandboxscope:ltversion:5.0.2

Trust: 1.0

vendor:fortinetmodel:fortisandboxscope:gteversion:4.0.0

Trust: 1.0

vendor:fortinetmodel:fortisandboxscope:gteversion:5.0.0

Trust: 1.0

vendor:fortinetmodel:fortisandboxscope:ltversion:4.4.8

Trust: 1.0

vendor:Fortinetmodel:fortisandboxscope:eqversion:5.0.0 or later, before 5.0.2

Trust: 0.8

vendor:Fortinetmodel:fortisandboxscope: - version: -

Trust: 0.8

vendor:Fortinetmodel:fortisandboxscope:eqversion:4.0.0 or later, before 4.4.8

Trust: 0.8

vendor:Fortinetmodel:fortisandboxscope:eqversion: -

Trust: 0.8

sources: JVNDB: JVNDB-2026-004182 // NVD: CVE-2025-52436

CVSS

SEVERITY

CVSSV2

CVSSV3

psirt@fortinet.com: CVE-2025-52436
value: HIGH

Trust: 1.0

nvd@nist.gov: CVE-2025-52436
value: CRITICAL

Trust: 1.0

NVD: CVE-2025-52436
value: CRITICAL

Trust: 0.8

psirt@fortinet.com: CVE-2025-52436
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

nvd@nist.gov: CVE-2025-52436
baseSeverity: CRITICAL
baseScore: 9.6
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 6.0
version: 3.1

Trust: 1.0

NVD: CVE-2025-52436
baseSeverity: CRITICAL
baseScore: 9.6
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2026-004182 // NVD: CVE-2025-52436 // NVD: CVE-2025-52436

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.0

problemtype:Cross-site scripting (CWE-79) [ others ]

Trust: 0.8

sources: JVNDB: JVNDB-2026-004182 // NVD: CVE-2025-52436

PATCH

title:PSIRT | FortiGuard Labsurl:https://fortiguard.fortinet.com/psirt/FG-IR-25-093

Trust: 0.8

sources: JVNDB: JVNDB-2026-004182

EXTERNAL IDS

db:NVDid:CVE-2025-52436

Trust: 2.6

db:JVNDBid:JVNDB-2026-004182

Trust: 0.8

sources: JVNDB: JVNDB-2026-004182 // NVD: CVE-2025-52436

REFERENCES

url:https://fortiguard.fortinet.com/psirt/fg-ir-25-093

Trust: 1.0

url:https://nvd.nist.gov/vuln/detail/cve-2025-52436

Trust: 0.8

sources: JVNDB: JVNDB-2026-004182 // NVD: CVE-2025-52436

SOURCES

db:JVNDBid:JVNDB-2026-004182
db:NVDid:CVE-2025-52436

LAST UPDATE DATE

2026-02-21T23:30:21.896000+00:00


SOURCES UPDATE DATE

db:JVNDBid:JVNDB-2026-004182date:2026-02-20T02:23:00
db:NVDid:CVE-2025-52436date:2026-02-18T17:50:21.177

SOURCES RELEASE DATE

db:JVNDBid:JVNDB-2026-004182date:2026-02-20T00:00:00
db:NVDid:CVE-2025-52436date:2026-02-10T16:16:08.757