{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-58412", "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "state": "PUBLISHED", "assignerShortName": "fortinet", "dateReserved": "2025-09-01T09:44:13.174Z", "datePublished": "2025-11-19T09:49:04.525Z", "dateUpdated": "2025-11-20T16:36:14.427Z"}, "containers": {"cna": {"affected": [{"vendor": "Fortinet", "product": "FortiADC", "cpes": ["cpe:2.3:h:fortinet:fortiadc:8.0.0:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:7.6.3:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:7.6.2:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:7.6.1:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:7.6.0:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:7.4.9:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:7.4.8:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:7.4.7:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:7.4.6:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:7.4.5:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:7.4.4:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:7.4.3:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:7.4.2:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:7.4.1:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:7.4.0:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:7.2.8:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:7.2.7:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:7.2.6:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:7.2.5:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:7.2.4:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:7.2.3:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:7.2.2:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:7.2.1:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:7.2.0:*:*:*:*:*:*:*"], "defaultStatus": "unaffected", "versions": [{"version": "8.0.0", "status": "affected"}, {"versionType": "semver", "version": "7.6.0", "lessThanOrEqual": "7.6.3", "status": "affected"}, {"versionType": "semver", "version": "7.4.0", "lessThanOrEqual": "7.4.9", "status": "affected"}, {"versionType": "semver", "version": "7.2.0", "lessThanOrEqual": "7.2.8", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "A improper neutralization of script-related html tags in a web page (basic xss) vulnerability in Fortinet FortiADC 8.0.0, FortiADC 7.6.0 through 7.6.3, FortiADC 7.4 all versions, FortiADC 7.2 all versions may allow attacker to execute unauthorized code or commands via crafted URL."}], "providerMetadata": {"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "shortName": "fortinet", "dateUpdated": "2025-11-20T16:36:14.427Z"}, "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-80", "description": "Execute unauthorized code or commands", "type": "CWE"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"version": "3.1", "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N/E:P/RL:O/RC:C"}}], "solutions": [{"lang": "en", "value": "Upgrade to FortiADC version 8.0.1 or above\nUpgrade to FortiADC version 7.6.4 or above"}], "references": [{"name": "https://fortiguard.fortinet.com/psirt/FG-IR-25-736", "url": "https://fortiguard.fortinet.com/psirt/FG-IR-25-736"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-11-19T00:00:00+00:00", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3", "id": "CVE-2025-58412"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-11-20T04:55:21.921Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-58412", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-11-19T16:44:48.123122Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-11-19T16:44:54.073Z"}}], "cna": {"metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 4.2, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N/E:P/RL:O/RC:C", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}], "affected": [{"cpes": ["cpe:2.3:h:fortinet:fortiadc:8.0.0:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:7.6.3:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:7.6.2:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:7.6.1:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:7.6.0:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:7.4.9:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:7.4.8:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:7.4.7:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:7.4.6:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:7.4.5:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:7.4.4:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:7.4.3:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:7.4.2:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:7.4.1:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:7.4.0:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:7.2.8:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:7.2.7:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:7.2.6:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:7.2.5:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:7.2.4:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:7.2.3:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:7.2.2:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:7.2.1:*:*:*:*:*:*:*", "cpe:2.3:h:fortinet:fortiadc:7.2.0:*:*:*:*:*:*:*"], "vendor": "Fortinet", "product": "FortiADC", "versions": [{"status": "affected", "version": "8.0.0"}, {"status": "affected", "version": "7.6.0", "versionType": "semver", "lessThanOrEqual": "7.6.3"}, {"status": "affected", "version": "7.4.0", "versionType": "semver", "lessThanOrEqual": "7.4.9"}, {"status": "affected", "version": "7.2.0", "versionType": "semver", "lessThanOrEqual": "7.2.8"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "Upgrade to FortiADC version 8.0.1 or above\nUpgrade to FortiADC version 7.6.4 or above"}], "references": [{"url": "https://fortiguard.fortinet.com/psirt/FG-IR-25-736", "name": "https://fortiguard.fortinet.com/psirt/FG-IR-25-736"}], "descriptions": [{"lang": "en", "value": "A improper neutralization of script-related html tags in a web page (basic xss) vulnerability in Fortinet FortiADC 8.0.0, FortiADC 7.6.0 through 7.6.3, FortiADC 7.4 all versions, FortiADC 7.2 all versions may allow attacker to execute unauthorized code or commands via crafted URL."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-80", "description": "Execute unauthorized code or commands"}]}], "providerMetadata": {"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "shortName": "fortinet", "dateUpdated": "2025-11-20T16:36:14.427Z"}}}, "cveMetadata": {"cveId": "CVE-2025-58412", "state": "PUBLISHED", "dateUpdated": "2025-11-20T16:36:14.427Z", "dateReserved": "2025-09-01T09:44:13.174Z", "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "datePublished": "2025-11-19T09:49:04.525Z", "assignerShortName": "fortinet"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:fortinet:fortiadc:*:*:*:*:*:*:*:*", "matchCriteriaId": "026A9B16-7DB1-4488-B13D-F61272BAE7F1", "versionEndExcluding": "7.6.4", "versionStartIncluding": "7.2.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:fortinet:fortiadc:8.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "FE5091E7-982E-451B-B782-4C9669421558", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A improper neutralization of script-related html tags in a web page (basic xss) vulnerability in Fortinet FortiADC 8.0.0, FortiADC 7.6.0 through 7.6.3, FortiADC 7.4 all versions, FortiADC 7.2 all versions may allow attacker to execute unauthorized code or commands via crafted URL."}], "id": "CVE-2025-58412", "lastModified": "2025-11-20T14:38:45.610", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 1.6, "impactScore": 2.7, "source": "[email protected]", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "[email protected]", "type": "Primary"}]}, "published": "2025-11-19T10:15:45.257", "references": [{"source": "[email protected]", "tags": ["Vendor Advisory"], "url": "https://fortiguard.fortinet.com/psirt/FG-IR-25-736"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-80"}], "source": "[email protected]", "type": "Primary"}]}

{}