ID

VAR-202603-1705


CVE

CVE-2025-53608


TITLE

Cross-site scripting vulnerability in Fortinet FortiSandbox

Trust: 0.8

sources: JVNDB: JVNDB-2026-007202

DESCRIPTION

An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability [CWE-79] in Fortinet FortiSandbox 5.0.0 through 5.0.2, FortiSandbox 4.4.0 through 4.4.7, FortiSandbox 4.2 all versions, and FortiSandbox 4.0 all versions may allow an authenticated privileged attacker to execute code via crafted requests. Some of the information handled by the software may be rewritten. The software will not stop. Attacks exploiting this vulnerability may affect other software.

Trust: 1.62

sources: NVD: CVE-2025-53608 // JVNDB: JVNDB-2026-007202

AFFECTED PRODUCTS

vendor: fortinet, model: fortisandbox, scope: lt, version: 4.4.8

Trust: 1.0

vendor: fortinet, model: fortisandbox, scope: gte, version: 5.0.0

Trust: 1.0

vendor: fortinet, model: fortisandbox, scope: gte, version: 4.0.0

Trust: 1.0

vendor: fortinet, model: fortisandbox, scope: lt, version: 5.0.3

Trust: 1.0

vendor: Fortinet, model: fortisandbox, scope: eq, version: 4.0.0 or later, before 4.4.8

Trust: 0.8

vendor: Fortinet, model: fortisandbox, scope: -, version: -

Trust: 0.8

vendor: Fortinet, model: fortisandbox, scope: eq, version: -

Trust: 0.8

vendor: Fortinet, model: fortisandbox, scope: eq, version: 5.0.0 or later, before 5.0.3

Trust: 0.8

sources: JVNDB: JVNDB-2026-007202 // NVD: CVE-2025-53608

CVSS

SEVERITY

CVSSV2

CVSSV3

psirt@fortinet.com: CVE-2025-53608
value: MEDIUM

Trust: 1.0

OTHER: JVNDB-2026-007202
value: MEDIUM

Trust: 0.8

psirt@fortinet.com: CVE-2025-53608
baseSeverity: MEDIUM
baseScore: 4.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 1.7
impactScore: 2.7
version: 3.1

Trust: 1.0

OTHER: JVNDB-2026-007202
baseSeverity: MEDIUM
baseScore: 4.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2026-007202 // NVD: CVE-2025-53608

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.0

problemtype:Cross-site scripting (CWE-79) [ others ]

Trust: 0.8

sources: JVNDB: JVNDB-2026-007202 // NVD: CVE-2025-53608

PATCH

title: PSIRT | FortiGuard Labs, url: https://fortiguard.fortinet.com/psirt/FG-IR-26-091

Trust: 0.8

sources: JVNDB: JVNDB-2026-007202

EXTERNAL IDS

db: NVD, id: CVE-2025-53608

Trust: 2.6

db: JVNDB, id: JVNDB-2026-007202

Trust: 0.8

sources: JVNDB: JVNDB-2026-007202 // NVD: CVE-2025-53608

REFERENCES

url:https://fortiguard.fortinet.com/psirt/fg-ir-26-091

Trust: 1.0

url:https://nvd.nist.gov/vuln/detail/cve-2025-53608

Trust: 0.8

sources: JVNDB: JVNDB-2026-007202 // NVD: CVE-2025-53608

SOURCES

db: JVNDB, id: JVNDB-2026-007202
db: NVD, id: CVE-2025-53608

LAST UPDATE DATE

2026-03-16T23:59:39.636000+00:00


SOURCES UPDATE DATE

db: JVNDB, id: JVNDB-2026-007202, date: 2026-03-16T05:55:00
db: NVD, id: CVE-2025-53608, date: 2026-03-12T21:18:33.917

SOURCES RELEASE DATE

db: JVNDB, id: JVNDB-2026-007202, date: 2026-03-16T00:00:00
db: NVD, id: CVE-2025-53608, date: 2026-03-10T18:17:57.970