CVE-2025-58324

Summary

An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiSIEM 7.2.0 through 7.2.2, 7.1 all versions, 7.0 all versions, 6.7 all versions, 6.6 all versions, 6.5 all versions, 6.4 all versions, 6.3 all versions, 6.2 all versions may allow an authenticated attacker to perform a stored cross site scripting (XSS) attack via crafted HTTP requests.

Affected Software

VendorProductVersion RangeStatus
FortinetFortiSIEM7.2.0 <= 7.2.2affected
FortinetFortiSIEM7.1.0 <= 7.1.9affected
FortinetFortiSIEM7.0.0 <= 7.0.4affected
FortinetFortiSIEM6.7.0 <= 6.7.10affected
FortinetFortiSIEM6.6.0 <= 6.6.5affected
FortinetFortiSIEM6.5.0 <= 6.5.3affected
FortinetFortiSIEM6.4.0 <= 6.4.4affected
FortinetFortiSIEM6.3.0 <= 6.3.3affected
FortinetFortiSIEM6.2.0 <= 6.2.1affected

Weaknesses

  • CWE-79: Execute unauthorized code or commands

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References