CVE-2025-58324: 
FortiSIEM vulnerability analysis and mitigation

CVE-2025-58324 is a stored cross-site scripting (XSS) vulnerability discovered in FortiSIEM versions 7.2.0 through 7.2.2, 7.1 and earlier versions down to 6.2. The vulnerability was disclosed on October 14, 2025, and affects the GUI component of FortiSIEM. The vulnerability stems from improper neutralization of input during web page generation [CWE-79] (NVD, Fortinet Advisory).

The vulnerability is classified as a stored XSS issue that can be exploited through crafted HTTP requests. It has received a CVSS v3.1 base score of 6.1 (Medium severity). The attack requires high privileges and user interaction, with network-based attack vector. The vulnerability has been assigned CWE-79 classification, which relates to improper neutralization of input during web page generation (NVD).

The vulnerability allows an authenticated attacker to execute unauthorized code or commands through stored cross-site scripting attacks. This could potentially lead to unauthorized access to sensitive information and compromise of user sessions within the FortiSIEM interface (Fortinet Advisory).

Fortinet has released version 7.2.3 to address this vulnerability. Users of FortiSIEM 7.2.0 through 7.2.2 should upgrade to version 7.2.3 or above. Users of all versions of 7.1 and earlier (down to 6.2) are advised to migrate to a fixed release (Fortinet Advisory).