FortiSandbox: Attackers can run malicious code on your system

CVE-2025-53608
Summary

A cross-site scripting (XSS) flaw [CWE-79] in FortiSandbox allows an authenticated attacker with elevated privileges to execute unauthorized code by sending specially crafted requests to the system. Affected releases are FortiSandbox 5.0.0 through 5.0.2, 4.4.0 through 4.4.7, and all versions of 4.2 and 4.0. To protect your system, update FortiSandbox to the latest version or apply a patch as soon as possible.

Original title
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability [CWE-79] vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.2, FortiSandbox 4.4.0 through...
Original description
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability [CWE-79] vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.2, FortiSandbox 4.4.0 through 4.4.7, FortiSandbox 4.2 all versions, FortiSandbox 4.0 all versions may allow an authenticated privileged attacker to execute code via crafted requests.
NVD CVSS 3.1 score: 4.8
Vulnerability type
CWE-79 Cross-site Scripting (XSS)
Published: 10 Mar 2026 · Updated: 14 Mar 2026 · First seen: 11 Mar 2026