CVE-2025-31366_CVE-2025-31366

4.5 / 10

MEDIUM

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N/E:P/RL:X/RC:C

Description

An Improper Neutralization of Input During Web Page Generation vulnerability [CWE-79] in FortiOS 7.6.0 through 7.6.3, 7.4.0 through 7.4.7, 7.2 all versions, 7.0 all versions, 6.4 all versions; FortiProxy 7.6.0 through 7.6.3, 7.4.0 through 7.4.9, 7.2 all versions, 7.0 all versions; FortiSASE 25.3.a may allow an unauthenticated attacker to perform a reflected cross site scripting (XSS) via crafted HTTP requests.

Basic Information

ID CVE-2025-31366

Source fortinet

Published Oct 14, 2025 at 15:22

Affected Product

Vendor Fortinet

Product FortiOS

Version 7.6.0

Affected Versions Fortinet FortiOS 7.6.0
Fortinet FortiOS 7.4.0
Fortinet FortiOS 7.2.0
Fortinet FortiOS 7.0.0
Fortinet FortiOS 6.4.0
Fortinet FortiProxy 7.6.0
Fortinet FortiProxy 7.4.0
Fortinet FortiProxy 7.2.0
Fortinet FortiProxy 7.0.0

CWE Classification

CWE-79

References

fortiguard.fortinet.com /psirt/FG-IR-24-542

{
    "lastseen": "",
    "description": "An Improper Neutralization of Input During Web Page Generation vulnerability [CWE-79] in FortiOS 7.6.0 through 7.6.3, 7.4.0 through 7.4.7, 7.2 all versions, 7.0 all versions, 6.4 all versions; FortiProxy 7.6.0 through 7.6.3, 7.4.0 through 7.4.9, 7.2 all versions, 7.0 all versions; FortiSASE 25.3.a may allow an unauthenticated attacker to perform a reflected cross site scripting (XSS) via crafted HTTP requests.",
    "published": "2025-10-14T15:22:57.657Z",
    "modified": "2025-10-14T15:22:57.657Z",
    "type": "cve",
    "title": "CVE-2025-31366",
    "source": "fortinet",
    "references": "https://fortiguard.fortinet.com/psirt/FG-IR-24-542",
    "id": "CVE-2025-31366",
    "bulletinFamily": "",
    "cwe": [
        "CWE-79"
    ],
    "cvelist": null,
    "sourceData": "Fortinet FortiOS 7.6.0\nFortinet FortiOS 7.4.0\nFortinet FortiOS 7.2.0\nFortinet FortiOS 7.0.0\nFortinet FortiOS 6.4.0\nFortinet FortiProxy 7.6.0\nFortinet FortiProxy 7.4.0\nFortinet FortiProxy 7.2.0\nFortinet FortiProxy 7.0.0",
    "sourceHref": "",
    "cvss": {
        "score": 4.5,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N/E:P/RL:X/RC:C",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "FortiOS",
    "version": "7.6.0",
    "vendor": "Fortinet",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}