CVE-2025-52436
Fortinet FortiSandbox Cross-Site Scripting Vulnerability
CVSS 3.1 base score: 8.8 (HIGH)

Description (vendor text as received by the CVE program):
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability [CWE-79] in Fortinet FortiSandbox 5.0.0 through 5.0.1, FortiSandbox 4.4.0 through 4.4.7, FortiSandbox 4.2 all versions, FortiSandbox 4.0 all versions may allow an unauthenticated attacker to execute commands via crafted requests.

Published: Feb. 10, 2026, 4:16 p.m.
Last modified: Feb. 10, 2026, 9:52 p.m.
Remotely exploitable: Yes
Source: Fortinet PSIRT (reporting address obfuscated in the page capture)

"Unauthenticated" in the description refers to the attacker. The CVSS vector below carries User Interaction: Required and Scope: Unchanged, which per the CVSS 3.1 definitions means a user other than the attacker must take some action (for an XSS, typically opening a crafted request in a browser) before the vulnerability can be exploited. The page gives no detail on the vulnerable endpoint or on the payload.

Affected Products
The following products are affected by CVE-2025-52436. The page's product table does not carry version information; the affected ranges are those given in the description above.
ID  Vendor    Product
1   Fortinet  fortisandbox

CVSS Scores
The Common Vulnerability Scoring System (CVSS) is a standardized framework for assessing the severity of vulnerabilities in software and systems. The page collects CVSS scores from several sources for each CVE. The exploitability and impact sub-score columns were empty in the capture.
Version   Severity  Score         Vector                                   Source
CVSS 3.1  HIGH      (not shown)   (not shown)                              6abe59d8-c742-4dff-8ce8-9b0ca1073da8
CVSS 3.1  HIGH      8.8           AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H      Fortinet PSIRT (address obfuscated in the capture)

Remediation
Update Fortinet FortiSandbox to a version that carries the vendor fix; the page does not name the patched releases, so take them from the Fortinet advisory FG-IR-25-093 linked below. For CWE-79 in general, the root-cause fix is encoding untrusted data for the exact context in which it is rendered (HTML body, attribute, JavaScript, URL); validating and sanitizing inputs is a worthwhile second layer but does not by itself prevent cross-site scripting.

References
Curated external links with in-depth information, practical solutions and tools related to CVE-2025-52436:
https://fortiguard.fortinet.com/psirt/FG-IR-25-093 (Fortinet PSIRT advisory)

Weakness (CWE)
While a CVE identifies a specific instance of a vulnerability, CWE categorizes the common flaws or weaknesses that can lead to vulnerabilities.
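To check an inventory against the version ranges in the description, here is an added Python example written for this page; it is not cvefeed.io or Fortinet code. The ranges are copied from the CVE text above. The version-string format it accepts (for example "4.4.7", "v4.4.7 build0297") is an assumption about how builds are recorded in an inventory, and a version outside the listed ranges is reported as "not listed" rather than as fixed, because the page does not state the patched releases; consult FG-IR-25-093 for those.

```python
"""Check FortiSandbox version strings against the ranges listed in the
CVE-2025-52436 description.  Added example, not cvefeed.io or Fortinet code.
The ranges below are copied from the advisory text on this page.  "Not
listed" means only that a version falls outside those ranges; it is not a
statement that Fortinet has fixed that version (see FG-IR-25-093)."""

from __future__ import annotations

import re

# Inclusive (low, high) ranges as stated in the CVE description.
AFFECTED_RANGES = [
    ((5, 0, 0), (5, 0, 1)),   # "5.0.0 through 5.0.1"
    ((4, 4, 0), (4, 4, 7)),   # "4.4.0 through 4.4.7"
]
# Trains where the description says "all versions".
AFFECTED_TRAINS = [(4, 2), (4, 0)]

# Assumed input format: optional 'v', major.minor[.patch], optional
# trailing build tag separated by space, dot or dash.
_VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)(?:\.(\d+))?(?:[\s.-].*)?$")


def parse_version(text: str) -> tuple[int, int, int]:
    """'4.4.7', 'v5.0.1' or 'v4.4.7 build0297' -> (4, 4, 7) etc.
    Raises ValueError for anything that does not look like a version."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    major, minor, patch = m.groups()
    return int(major), int(minor), int(patch or 0)


def is_listed_affected(version: str) -> bool:
    """True if the version lies inside a range the description lists."""
    v = parse_version(version)
    if v[:2] in AFFECTED_TRAINS:
        return True
    return any(low <= v <= high for low, high in AFFECTED_RANGES)


def classify(version: str) -> str:
    """Human-readable verdict for one version string."""
    if is_listed_affected(version):
        return "affected (listed in CVE-2025-52436)"
    return "not in listed ranges (confirm against FG-IR-25-093 before treating as fixed)"


if __name__ == "__main__":
    # Constructed sample inventory, not real hosts.
    inventory = [
        ("sandbox-a", "4.4.7"),
        ("sandbox-b", "5.0.2"),
        ("sandbox-c", "4.2.11"),
        ("sandbox-d", "v4.4.8 build0315"),
    ]
    for host, ver in inventory:
        print(f"{host:10} {ver:18} {classify(ver)}")
```

The train check runs before the range check so that "4.2 all versions" and "4.0 all versions" match regardless of patch level; a bad version string raises rather than silently reporting "not listed", which is the failure mode you want in an inventory sweep.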
CVE-2025-52436 is associated with the following CWE:
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Attack Patterns (CAPEC)
The Common Attack Pattern Enumeration and Classification (CAPEC) catalogue describes the common attributes and approaches adversaries use to exploit a weakness. Patterns mapped to the CWE-79 weakness behind CVE-2025-52436:
CAPEC-63: Cross-Site Scripting (XSS)
CAPEC-85: AJAX Footprinting
CAPEC-209: XSS Using MIME Type Mismatch
CAPEC-588: DOM-Based XSS
CAPEC-591: Reflected XSS
CAPEC-592: Stored XSS

Public Exploits
cvefeed.io scans GitHub repositories for new proof-of-concept exploits and lists the matches sorted by most recently updated, limited to the first 15 repositories for performance reasons. No repositories were listed for CVE-2025-52436 at the time of this capture.

News Mentions
CybersecurityNews: "FortiSandbox XSS Vulnerability Let Attackers Run Arbitrary Commands" (published Feb 10, 2026). Excerpt: "Fortinet has disclosed a high-severity cross-site scripting (XSS) vulnerability in its FortiSandbox platform, tracked as CVE-2025-52436 (FG-IR-25-093), that enables unau ..."

Change History
Vulnerability history is useful for understanding how a record evolved and for spotting recent changes that may affect its severity, exploitability or other characteristics.
New CVE received from Fortinet PSIRT (address obfuscated in the capture), Feb. 10, 2026:
  Added Description: the vendor description quoted at the top of this page
  Added CVSS V3.1: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
  Added CWE: CWE-79
  Added Reference: https://fortiguard.fortinet.com/psirt/FG-IR-25-093

EPSS
EPSS is a daily estimate of the probability that exploitation activity will be observed in the next 30 days. The page's EPSS history chart for this CVE did not survive capture, so no EPSS value is recorded here.

CVSS 3.1 Metric Breakdown (Cross-Site Scripting, base score 8.8)
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Confidentiality Impact: High
Integrity Impact: High
Availability Impact: High
CVE-2025-52436 is a high-severity Improper Neutralization of