CVE-2025-52436
published 2026-02-10


Priority: P2 (63) · Critical · CVSS 3.1 base score 9.6
CVSS 3.1 vector: AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H (network-reachable, low attack complexity, no privileges required, user interaction required, scope changed, high confidentiality/integrity/availability impact)
EPSS: 7.45% (93.7th percentile)
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability [CWE-79] in Fortinet FortiSandbox 5.0.0 through 5.0.1, FortiSandbox 4.4.0 through 4.4.7, FortiSandbox 4.2 all versions, FortiSandbox 4.0 all versions may allow an unauthenticated attacker to execute commands via crafted requests. Note that the vector carries UI:R: as with any XSS, the crafted request has to be loaded in a victim's browser session (typically an administrator's) for the payload to run.

Affected (8 ranges)

Vendor    Product       Version range        Fixed in
fortinet  fortinet      (no version given)   -
fortinet  fortisandbox  (no version given)   -
fortinet  fortisandbox  >= 4.0.0 < 4.4.8     4.4.8
fortinet  fortisandbox  4.0.0 – 4.0.6        -
fortinet  fortisandbox  4.2.1 – 4.2.8        -
fortinet  fortisandbox  4.4.0 – 4.4.7        -
fortinet  fortisandbox  >= 5.0.0 < 5.0.2     5.0.2
fortinet  fortisandbox  5.0.0 – 5.0.1        -

The 4.0.x and 4.2.x rows list no fixed-in release of their own; they fall inside the >= 4.0.0 < 4.4.8 range, so remediation for those branches is an upgrade to 4.4.8 (or to 5.0.2), not a patch within the branch.
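The following is an added example, not code from this CVE page or from Fortinet, that encodes the two fixed-in ranges above (>= 4.0.0 < 4.4.8 and >= 5.0.0 < 5.0.2) so a fleet inventory can be triaged by version string. The inventory dictionary and host names are constructed; the advisory's "4.0 all versions" and "4.2 all versions" are covered because they sit below 4.4.8.

```python
# Added example (not from the CVE page or Fortinet): map a FortiSandbox
# version string to the release that resolves CVE-2025-52436, if affected.
# Ranges are transcribed from the "Affected" table: the 4.0.x and 4.2.x
# branches have no in-branch fix, so they resolve to 4.4.8.
from typing import Dict, Optional, Tuple

Version = Tuple[int, ...]

# (inclusive lower bound, exclusive upper bound, fixed-in release)
AFFECTED_RANGES = [
    ((4, 0, 0), (4, 4, 8), "4.4.8"),
    ((5, 0, 0), (5, 0, 2), "5.0.2"),
]


def parse_version(text: str) -> Version:
    """Turn '4.4.7' (or 'v5.0.1 build0123') into a comparable int tuple."""
    token = text.strip().lower().lstrip("v").split()[0]
    parts = token.split(".")
    if len(parts) < 2 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(p) for p in parts)


def fortisandbox_fix_for(version_text: str) -> Optional[str]:
    """Return the fixed-in release if the version is affected, else None."""
    v = parse_version(version_text)
    for low, high, fixed in AFFECTED_RANGES:
        if low <= v < high:          # tuple comparison handles 4.4 < 4.4.8
            return fixed
    return None


# Constructed sample inventory: hostname -> reported firmware version.
INVENTORY: Dict[str, str] = {
    "fsa-dc1": "4.4.7",
    "fsa-dc2": "4.2.8",
    "fsa-lab": "5.0.2",
}


def triage(inventory: Dict[str, str]) -> Dict[str, str]:
    """Map each affected host to the release it must be upgraded to."""
    needs_upgrade: Dict[str, str] = {}
    for host, version in inventory.items():
        fix = fortisandbox_fix_for(version)
        if fix is not None:
            needs_upgrade[host] = fix
    return needs_upgrade


if __name__ == "__main__":
    for host, fix in triage(INVENTORY).items():
        print(f"{host}: upgrade to {fix}")
```

Version strings pulled from an appliance API or CLI often carry a build suffix; parse_version keeps only the dotted release so the comparison is against the range boundaries and nothing else.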

Detection & IOCs (extracted from sources)

  • The vulnerability is reported to be triggered through browser back-button navigation in the FortiSandbox web UI. Monitor for crafted HTTP requests to the FortiSandbox web interface that carry XSS payloads in URL or Referer parameters associated with back-navigation.
  • The exploitation vector is unauthenticated: no session or authentication token is required to send the crafted request. Look for XSS payloads in requests to the FortiSandbox web management interface that arrive without a session cookie, and bear in mind (UI:R) that the payload does harm when it is rendered in a logged-in administrator's browser.
  • Affected versions span a wide range: FortiSandbox 5.0.0–5.0.1, 4.4.0–4.4.7, all of 4.2.x, and all of 4.0.x. Confirm the version scope of your deployment before scoping detection rules.
  • The sources quote a CVSS score of 8.8 (High); the score carried at the top of this page is 9.6 (Critical) with a scope-changed vector. Either way, the unauthenticated attack vector elevates urgency, and exposure of the FortiSandbox web management interface to untrusted networks significantly increases risk.
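An added detection example, written for this page and not taken from the CVE sources or from Fortinet, that scans access-log lines from a reverse proxy in front of a FortiSandbox management UI for XSS-looking payloads in the request target or Referer, decodes nested URL encoding and HTML entities first, and records whether each hit arrived with a session cookie. The log format (nginx "combined" with the Cookie header appended), the cookie name SESSIONID, and the sample log lines are all constructed assumptions.

```python
# Added detection example (not from the CVE page or Fortinet): flag XSS-like
# payloads in the URL or Referer of requests to a FortiSandbox web UI and
# note whether the request was unauthenticated (no session cookie).
# Log format, cookie name and sample lines are constructed for the example.
import html
import re
from typing import Dict, List, Optional
from urllib.parse import unquote_plus

# Constructed format: nginx "combined" plus "$http_cookie" as the last field.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<ua>[^"]*)" "(?P<cookie>[^"]*)"$'
)

# Reflected-XSS indicators, applied after decoding. A management UI has no
# legitimate reason to carry markup or event handlers in its query string.
XSS_RE = re.compile(
    r"<\s*/?\s*(script|svg|img|iframe|object|embed|body|math)\b"
    r"|javascript\s*:"
    r"|\bon(load|error|click|mouseover|focus|toggle|animationstart|pointerover)\s*=",
    re.IGNORECASE,
)

SESSION_COOKIE = "SESSIONID"   # assumed UI session cookie name; adjust to the real one


def decode(value: str, rounds: int = 3) -> str:
    """Undo up to `rounds` layers of URL encoding, then HTML entities."""
    for _ in range(rounds):
        nxt = unquote_plus(value)
        if nxt == value:
            break
        value = nxt
    return html.unescape(value)


def parse_line(line: str) -> Optional[Dict[str, str]]:
    m = LOG_RE.match(line.strip())
    return m.groupdict() if m else None


def inspect(rec: Dict[str, str]) -> Optional[Dict[str, object]]:
    """Return a finding if the target or Referer carries an XSS-looking payload."""
    for field in ("target", "referer"):
        m = XSS_RE.search(decode(rec[field]))
        if m:
            return {
                "ip": rec["ip"],
                "where": field,
                "match": m.group(0),
                "authenticated": f"{SESSION_COOKIE}=" in rec["cookie"],
            }
    return None


def scan(lines: List[str]) -> List[Dict[str, object]]:
    findings: List[Dict[str, object]] = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue            # skip lines that do not match the format
        hit = inspect(rec)
        if hit:
            findings.append(hit)
    return findings


# Constructed sample: one benign request, one single-encoded payload in the
# query string with no cookie, one double-encoded payload in the Referer
# sent from an authenticated session.
SAMPLE_LOG = [
    '203.0.113.10 - - [10/Feb/2026:09:00:01 +0000] "GET /login HTTP/1.1" 200 512 '
    '"-" "Mozilla/5.0" "-"',
    '198.51.100.7 - - [10/Feb/2026:09:00:05 +0000] '
    '"GET /ui/page?ret=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 2048 '
    '"-" "Mozilla/5.0" "-"',
    '198.51.100.7 - - [10/Feb/2026:09:00:09 +0000] "GET /ui/page HTTP/1.1" 200 2048 '
    '"https://sandbox.example/ui/page?q=%253Csvg%2520onload%253Dalert(1)%253E" '
    '"Mozilla/5.0" "SESSIONID=abc123"',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

The decode step matters more than the signature list: a payload that is URL-encoded twice, or that uses entity-encoded angle brackets, passes a naive substring match untouched, while the proxy and the appliance will happily unwrap it. The authenticated flag is there for triage, not filtering; an unauthenticated hit matches the advisory's attack vector, but the same payload reaching the UI from a logged-in session is the moment it actually executes.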