{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2025-58412","assignerOrgId":"6abe59d8-c742-4dff-8ce8-9b0ca1073da8","state":"PUBLISHED","assignerShortName":"fortinet","dateReserved":"2025-09-01T09:44:13.174Z","datePublished":"2025-11-19T09:49:04.525Z","dateUpdated":"2026-02-26T16:21:06.365Z"},"containers":{"cna":{"affected":[{"vendor":"Fortinet","product":"FortiADC","cpes":["cpe:2.3:h:fortinet:fortiadc:8.0.0:*:*:*:*:*:*:*","cpe:2.3:h:fortinet:fortiadc:7.6.3:*:*:*:*:*:*:*","cpe:2.3:h:fortinet:fortiadc:7.6.2:*:*:*:*:*:*:*","cpe:2.3:h:fortinet:fortiadc:7.6.1:*:*:*:*:*:*:*","cpe:2.3:h:fortinet:fortiadc:7.6.0:*:*:*:*:*:*:*","cpe:2.3:h:fortinet:fortiadc:7.4.9:*:*:*:*:*:*:*","cpe:2.3:h:fortinet:fortiadc:7.4.8:*:*:*:*:*:*:*","cpe:2.3:h:fortinet:fortiadc:7.4.7:*:*:*:*:*:*:*","cpe:2.3:h:fortinet:fortiadc:7.4.6:*:*:*:*:*:*:*","cpe:2.3:h:fortinet:fortiadc:7.4.5:*:*:*:*:*:*:*","cpe:2.3:h:fortinet:fortiadc:7.4.4:*:*:*:*:*:*:*","cpe:2.3:h:fortinet:fortiadc:7.4.3:*:*:*:*:*:*:*","cpe:2.3:h:fortinet:fortiadc:7.4.2:*:*:*:*:*:*:*","cpe:2.3:h:fortinet:fortiadc:7.4.1:*:*:*:*:*:*:*","cpe:2.3:h:fortinet:fortiadc:7.4.0:*:*:*:*:*:*:*","cpe:2.3:h:fortinet:fortiadc:7.2.8:*:*:*:*:*:*:*","cpe:2.3:h:fortinet:fortiadc:7.2.7:*:*:*:*:*:*:*","cpe:2.3:h:fortinet:fortiadc:7.2.6:*:*:*:*:*:*:*","cpe:2.3:h:fortinet:fortiadc:7.2.5:*:*:*:*:*:*:*","cpe:2.3:h:fortinet:fortiadc:7.2.4:*:*:*:*:*:*:*","cpe:2.3:h:fortinet:fortiadc:7.2.3:*:*:*:*:*:*:*","cpe:2.3:h:fortinet:fortiadc:7.2.2:*:*:*:*:*:*:*","cpe:2.3:h:fortinet:fortiadc:7.2.1:*:*:*:*:*:*:*","cpe:2.3:h:fortinet:fortiadc:7.2.0:*:*:*:*:*:*:*"],"defaultStatus":"unaffected","versions":[{"version":"8.0.0","status":"affected"},{"versionType":"semver","version":"7.6.0","lessThanOrEqual":"7.6.3","status":"affected"},{"versionType":"semver","version":"7.4.0","lessThanOrEqual":"7.4.9","status":"affected"},{"versionType":"semver","version":"7.2.0","lessThanOrEqual":"7.2.8","status":"affected"}]}],"descriptions":[{"lang":"en","value":"A improper neutralization of script-related html tags in a web page (basic xss) vulnerability in Fortinet FortiADC 8.0.0, FortiADC 7.6.0 through 7.6.3, FortiADC 7.4 all versions, FortiADC 7.2 all versions may allow attacker to execute unauthorized code or commands via crafted URL."}],"providerMetadata":{"orgId":"6abe59d8-c742-4dff-8ce8-9b0ca1073da8","shortName":"fortinet","dateUpdated":"2026-01-14T09:16:11.943Z"},"problemTypes":[{"descriptions":[{"lang":"en","cweId":"CWE-80","description":"Execute unauthorized code or commands","type":"CWE"}]}],"metrics":[{"format":"CVSS","cvssV3_1":{"version":"3.1","attackComplexity":"HIGH","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":4.2,"baseSeverity":"MEDIUM","confidentialityImpact":"LOW","integrityImpact":"LOW","privilegesRequired":"NONE","scope":"CHANGED","userInteraction":"REQUIRED","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N/E:P/RL:O/RC:C"}}],"solutions":[{"lang":"en","value":"Upgrade to FortiADC version 8.0.1 or above\nUpgrade to FortiADC version 7.6.4 or above"}],"references":[{"name":"https://fortiguard.fortinet.com/psirt/FG-IR-25-736","url":"https://fortiguard.fortinet.com/psirt/FG-IR-25-736"}]},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"id":"CVE-2025-58412","role":"CISA Coordinator","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"total"}],"version":"2.0.3","timestamp":"2025-11-20T04:55:22.316078Z"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2026-02-26T16:21:06.365Z"}}]}}