Cross-Site Scripting Vulnerability in Fortinet FortiSandbox Products
CVE-2025-61886

4.9 MEDIUM

Key Information:

Vendor: Fortinet
CVE Published: 14 April 2026

What is CVE-2025-61886?

Fortinet FortiSandbox versions 5.0.0 through 5.0.4 and FortiSandbox PaaS versions 5.0.0 through 5.0.4 contain a Cross-Site Scripting (XSS) vulnerability. It is caused by improper neutralization of input during web page generation, which lets an attacker exploit the flaw with crafted HTTP requests. A successful attack could lead to unauthorized access to and manipulation of user data, so affected deployments need immediate attention to security updates and patching.

Affected Version(s)

FortiSandbox: 5.0.0 through 5.0.4

FortiSandbox PaaS: 5.0.0 through 5.0.4

CVSS V3.1

Score: 4.9
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
