Cross-Site Scripting Vulnerability in FortiSOAR by Fortinet
CVE-2025-32932

5.4MEDIUM

Key Information:

Vendor: Fortinet
Status: Fortisoar
Vendor: CVE Published:; 12 August 2025

What is CVE-2025-32932?

An vulnerability identified in FortiSOAR allows authenticated remote attackers to exploit improperly handled input during web page generation, leading to Cross-Site Scripting attacks. This could enable attackers to store malicious service requests that may compromise user data and perform unauthorized actions within the web application. It is crucial for users to apply updates or implement mitigations to safeguard against potential XSS exploits.

Affected Version(s)

FortiSOAR 7.6.0 <= 7.6.1

FortiSOAR 7.5.0 <= 7.5.1

FortiSOAR 7.4.0 <= 7.4.5

References

https://fortiguard.fortinet.com/psirt/FG-IR-24-513

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 12, 2025
Vulnerability Reserved
Apr 14, 2025