CVE-2025-22855 - Vulnerability Details - OpenCVE

An improper neutralization of input during web page generation ('Cross-site Scripting') [CWE-79] vulnerability in Fortinet FortiClient before 7.4.1 may allow the EMS administrator to send messages containing javascript code.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Fortinet	Forticlientems

Configuration 1 [-]

OR	cpe:2.3:a:fortinet:forticlientems::::::::
	cpe:2.3:a:fortinet:forticlientems::::::::

No data.

References

Link	Providers
https://fortiguard.fortinet.com/psirt/FG-IR-23-344

History

Wed, 23 Jul 2025 16:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Fortinet Fortinet forticlientems
CPEs		cpe:2.3:a:fortinet:forticlientems::::::::
Vendors & Products		Fortinet Fortinet forticlientems

Tue, 08 Apr 2025 15:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Tue, 08 Apr 2025 14:15:00 +0000

Type	Values Removed	Values Added
Description		An improper neutralization of input during web page generation ('Cross-site Scripting') [CWE-79] vulnerability in Fortinet FortiClient before 7.4.1 may allow the EMS administrator to send messages containing javascript code.
Weaknesses		CWE-79
References		https://fortiguard.fortinet.com/psirt/FG-IR-23-344
Metrics		cvssV3_1 `{'score': 2.6, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N/E:P/RL:X/RC:C'}`

MITRE

Status: PUBLISHED

Assigner: fortinet

Published: 2025-04-08T14:02:44.119Z

Updated: 2025-04-08T14:47:47.378Z

Reserved: 2025-01-08T09:38:22.820Z

Link: CVE-2025-22855

Vulnrichment

Updated: 2025-04-08T14:47:41.021Z

NVD

Status : Analyzed

Published: 2025-04-08T14:15:32.690

Modified: 2025-07-23T16:03:19.720

Link: CVE-2025-22855

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-22855", "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "state": "PUBLISHED", "assignerShortName": "fortinet", "dateReserved": "2025-01-08T09:38:22.820Z", "datePublished": "2025-04-08T14:02:44.119Z", "dateUpdated": "2025-04-08T14:47:47.378Z"}, "containers": {"cna": {"affected": [{"vendor": "Fortinet", "product": "FortiClientEMS", "cpes": [], "defaultStatus": "unaffected", "versions": [{"versionType": "semver", "version": "7.4.0", "lessThanOrEqual": "7.4.1", "status": "affected"}, {"versionType": "semver", "version": "7.2.1", "lessThanOrEqual": "7.2.8", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "An improper neutralization of input during web page generation ('Cross-site Scripting') [CWE-79] vulnerability in Fortinet FortiClient before 7.4.1 may allow the EMS administrator to send messages containing javascript code."}], "providerMetadata": {"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "shortName": "fortinet", "dateUpdated": "2025-04-08T14:02:44.119Z"}, "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-79", "description": "Execute unauthorized code or commands", "type": "CWE"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"version": "3.1", "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 2.6, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N/E:P/RL:X/RC:C"}}], "solutions": [{"lang": "en", "value": "Please upgrade to FortiClientEMS version 7.4.3 or above"}], "references": [{"name": "https://fortiguard.fortinet.com/psirt/FG-IR-23-344", "url": "https://fortiguard.fortinet.com/psirt/FG-IR-23-344"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-04-08T14:45:39.245375Z", "id": "CVE-2025-22855", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-08T14:47:47.378Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-22855", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-04-08T14:45:39.245375Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-08T14:47:41.021Z"}}], "cna": {"metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 2.6, "attackVector": "NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N/E:P/RL:X/RC:C", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "NONE"}}], "affected": [{"cpes": [], "vendor": "Fortinet", "product": "FortiClientEMS", "versions": [{"status": "affected", "version": "7.4.0", "versionType": "semver", "lessThanOrEqual": "7.4.1"}, {"status": "affected", "version": "7.2.1", "versionType": "semver", "lessThanOrEqual": "7.2.8"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "Please upgrade to FortiClientEMS version 7.4.3 or above"}], "references": [{"url": "https://fortiguard.fortinet.com/psirt/FG-IR-23-344", "name": "https://fortiguard.fortinet.com/psirt/FG-IR-23-344"}], "descriptions": [{"lang": "en", "value": "An improper neutralization of input during web page generation ('Cross-site Scripting') [CWE-79] vulnerability in Fortinet FortiClient before 7.4.1 may allow the EMS administrator to send messages containing javascript code."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-79", "description": "Execute unauthorized code or commands"}]}], "providerMetadata": {"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "shortName": "fortinet", "dateUpdated": "2025-04-08T14:02:44.119Z"}}}, "cveMetadata": {"cveId": "CVE-2025-22855", "state": "PUBLISHED", "dateUpdated": "2025-04-08T14:47:47.378Z", "dateReserved": "2025-01-08T09:38:22.820Z", "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "datePublished": "2025-04-08T14:02:44.119Z", "assignerShortName": "fortinet"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:fortinet:forticlientems:*:*:*:*:*:*:*:*", "matchCriteriaId": "8B35B82C-BC53-4C11-B5FC-717A0175BD23", "versionEndIncluding": "7.2.10", "versionStartIncluding": "7.2.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:fortinet:forticlientems:*:*:*:*:*:*:*:*", "matchCriteriaId": "962187B8-C4C4-41F3-9487-8061F983F505", "versionEndExcluding": "7.4.3", "versionStartIncluding": "7.4.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An improper neutralization of input during web page generation ('Cross-site Scripting') [CWE-79] vulnerability in Fortinet FortiClient before 7.4.1 may allow the EMS administrator to send messages containing javascript code."}, {"lang": "es", "value": "Una vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') [CWE-79] en Fortinet FortiClient anterior a 7.4.1 puede permitir que el administrador de EMS env\u00ede mensajes que contengan c\u00f3digo javascript."}], "id": "CVE-2025-22855", "lastModified": "2025-07-23T16:03:19.720", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 2.7, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 1.4, "source": "psirt@fortinet.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 1.7, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2025-04-08T14:15:32.690", "references": [{"source": "psirt@fortinet.com", "tags": ["Vendor Advisory"], "url": "https://fortiguard.fortinet.com/psirt/FG-IR-23-344"}], "sourceIdentifier": "psirt@fortinet.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "psirt@fortinet.com", "type": "Primary"}]}