CVE-2025-58324_CVE-2025-58324

6.1 / 10

MEDIUM

CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:X/RC:C

Description

An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiSIEM 7.2.0 through 7.2.2, 7.1 all versions, 7.0 all versions, 6.7 all versions, 6.6 all versions, 6.5 all versions, 6.4 all versions, 6.3 all versions, 6.2 all versions may allow an authenticated attacker to perform a stored cross site scripting (XSS) attack via crafted HTTP requests.

Basic Information

ID CVE-2025-58324

Source fortinet

Published Oct 14, 2025 at 15:22

Affected Product

Vendor Fortinet

Product FortiSIEM

Version 7.2.0

Affected Versions Fortinet FortiSIEM 7.2.0
Fortinet FortiSIEM 7.1.0
Fortinet FortiSIEM 7.0.0
Fortinet FortiSIEM 6.7.0
Fortinet FortiSIEM 6.6.0
Fortinet FortiSIEM 6.5.0
Fortinet FortiSIEM 6.4.0
Fortinet FortiSIEM 6.3.0
Fortinet FortiSIEM 6.2.0

CWE Classification

CWE-79

References

fortiguard.fortinet.com /psirt/FG-IR-24-280

{
    "lastseen": "",
    "description": "An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiSIEM 7.2.0 through 7.2.2, 7.1 all versions, 7.0 all versions, 6.7 all versions, 6.6 all versions, 6.5 all versions, 6.4 all versions, 6.3 all versions, 6.2 all versions may allow an authenticated attacker to perform a stored cross site scripting (XSS) attack via crafted HTTP requests.",
    "published": "2025-10-14T15:22:35.310Z",
    "modified": "2025-10-14T15:22:35.310Z",
    "type": "cve",
    "title": "CVE-2025-58324",
    "source": "fortinet",
    "references": "https://fortiguard.fortinet.com/psirt/FG-IR-24-280",
    "id": "CVE-2025-58324",
    "bulletinFamily": "",
    "cwe": [
        "CWE-79"
    ],
    "cvelist": null,
    "sourceData": "Fortinet FortiSIEM 7.2.0\nFortinet FortiSIEM 7.1.0\nFortinet FortiSIEM 7.0.0\nFortinet FortiSIEM 6.7.0\nFortinet FortiSIEM 6.6.0\nFortinet FortiSIEM 6.5.0\nFortinet FortiSIEM 6.4.0\nFortinet FortiSIEM 6.3.0\nFortinet FortiSIEM 6.2.0",
    "sourceHref": "",
    "cvss": {
        "score": 6.1,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:X/RC:C",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "FortiSIEM",
    "version": "7.2.0",
    "vendor": "Fortinet",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}