CVE-2025-58324

📊 6.4 MEDIUM⚡ 0.0%🎯 0 exploits

📅 Published Oct 14, 2025

📋 Status: Analyzed

An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiSIEM 7.2.0 through 7.2.2, 7.1 all versions, 7.0 all versions, 6.7 all versions, 6.6 all versions, 6.5 all versions, 6.4 all versions, 6.3 all versions, 6.2 all versions may allow an authenticated attacker to perform a stored cross site scripting (XSS) attack via crafted HTTP requests.

CVSS v3.1 • [email protected]

🎯 Affected Products & Systems

1 product configurations affected

Filter by type:

Type	Vendor	Product	Version Range	Status	CPE String
📱App	fortinet	fortisiem	≥ 6.2.0 ∧ < 7.2.3	Vulnerable	cpe:2.3:a:fortinet:fortisiem::::::::

📱

fortinet / fortisiem

Application

Vulnerable

Version: ≥ 6.2.0 ∧ < 7.2.3

CPE:

cpe:2.3:a:fortinet:fortisiem:*:*:*:*:*:*:*:*

Metrics

6.4 MEDIUMCVSS v3.1[email protected]

CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H

Attack Vector:

NETWORK

Complexity:

HIGH

Privileges:

HIGH

User Interaction:

REQUIRED

Confidentiality:

HIGH

Integrity:

HIGH

Availability:

HIGH

Scope:

UNCHANGED

🔍 Technical Details

Analysis Status

Analyzed

CVSS Details

6.4 (MEDIUM)v3.1

Source: [email protected]

EPSS Details

0.0% (Minimal)10.7th percentile

Last updated: Oct 30, 2025

Exploitation probability within 30 days

Published Date

Oct 14, 2025 (18 days ago)

Last Modified

Oct 14, 2025 (18 days ago)

Security Weaknesses1

CWE-79

References2

NVDgeneral