Unrated severityNVD Advisory· Published Nov 19, 2025· Updated Feb 26, 2026

CVE-2025-58412

Description

A improper neutralization of script-related html tags in a web page (basic xss) vulnerability in Fortinet FortiADC 8.0.0, FortiADC 7.6.0 through 7.6.3, FortiADC 7.4 all versions, FortiADC 7.2 all versions may allow attacker to execute unauthorized code or commands via crafted URL.

Affected products

Fortinet/FortiADCv5
cpe:2.3:h:fortinet:fortiadc:8.0.0:*:*:*:*:*:*:*
Range: 8.0.0
Fortinet/Fortiadc 300ellm-fuzzy
Range: 8.0.0, 7.6.0 through 7.6.3, 7.4 all, 7.2 all

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

fortiguard.fortinet.com/psirt/FG-IR-25-736mitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000