CVE-2025-32932

Summary

An Improper neutralization of input during web page generation ('cross-site scripting') vulnerability [CWE-79] in FortiSOAR version 7.6.1 and below, version 7.5.1 and below, 7.4 all versions, 7.3 all versions, 7.2 all versions, 7.0 all versions, 6.4 all versions WEB UI may allow an authenticated remote attacker to perform an XSS attack via stored malicious service requests

Affected Software

VendorProductVersion RangeStatus
FortinetFortiSOAR7.6.0 <= 7.6.1affected
FortinetFortiSOAR7.5.0 <= 7.5.1affected
FortinetFortiSOAR7.4.0 <= 7.4.5affected
FortinetFortiSOAR7.3.0 <= 7.3.3affected
FortinetFortiSOAR7.2.0 <= 7.2.2affected
FortinetFortiSOAR7.0.0 <= 7.0.3affected
FortinetFortiSOAR6.4.3 <= 6.4.4affected
FortinetFortiSOAR6.4.0 <= 6.4.1affected

Weaknesses

  • CWE-79: Execute unauthorized code or commands

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References