Cross Site Scripting Vulnerability in FortiSIEM by Fortinet
CVE-2025-58324
6.1 MEDIUM
What is CVE-2025-58324?
FortiSIEM improperly neutralizes input during web page generation, which allows an authenticated attacker to carry out a stored cross-site scripting (XSS) attack by sending crafted HTTP requests to the application. The injected scripts execute in the context of the affected web application, putting its users at risk and potentially compromising sensitive information.
Affected Version(s)
FortiSIEM 7.2.0 through 7.2.2
FortiSIEM 7.1.0 through 7.1.8
FortiSIEM 7.0.0 through 7.0.4
CVSS V3.1
Score: 6.1
Severity: MEDIUM
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: High
Privileges Required: High
User Interaction: Required
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved