CVE-2025-58412 is a cross-site scripting (XSS) vulnerability identified in Fortinet FortiADC versions 8.0.0, 7.6.0 through 7.6.3, 7.4 all versions, and 7.2 all versions. The vulnerability stems from improper neutralization of script-related HTML tags within the web interface, allowing an attacker to inject malicious scripts via crafted URLs. When a victim user accesses such a URL, the malicious script executes in the context of the FortiADC web application, potentially enabling unauthorized code execution or command injection within the user's session. The vulnerability is remotely exploitable over the network without requiring authentication; however, it requires user interaction (clicking or visiting a malicious link). The CVSS v3.1 base score is 4.2, reflecting a medium severity level, with attack vector network (AV:N), attack complexity high (AC:H), no privileges required (PR:N), user interaction required (UI:R), and scope changed (S:C). The impact affects confidentiality and integrity to a limited extent but does not affect availability. No known exploits have been reported in the wild as of publication. FortiADC is a critical component in many enterprise networks for application delivery and load balancing, making this vulnerability relevant for organizations relying on Fortinet infrastructure. The vulnerability was publicly disclosed on November 19, 2025, and no official patches or mitigations have been linked yet, though Fortinet is expected to release updates. The vulnerability's exploitation could lead to session hijacking, unauthorized command execution within the web interface context, or further pivoting within the network if combined with other vulnerabilities or misconfigurations.

For European organizations, the impact of CVE-2025-58412 could be significant in environments where FortiADC devices are deployed to manage critical application delivery and load balancing. Successful exploitation could allow attackers to execute unauthorized scripts, potentially leading to session hijacking, theft of sensitive information, or unauthorized command execution within the administrative interface. This could compromise the confidentiality and integrity of network traffic and management operations. Although availability is not directly impacted, the breach of administrative control could indirectly affect service reliability. Organizations in sectors such as finance, healthcare, government, and telecommunications, which heavily rely on Fortinet products for secure and efficient application delivery, may face increased risk. Additionally, the vulnerability could be leveraged as a foothold for further lateral movement or combined with other exploits to escalate privileges. The requirement for user interaction somewhat limits the attack surface but does not eliminate risk, especially in environments with less stringent user awareness or where phishing campaigns are prevalent.

1. Monitor Fortinet’s official advisories closely and apply security patches or firmware updates for FortiADC as soon as they become available to address CVE-2025-58412. 2. Implement strict input validation and output encoding on all web interfaces to prevent injection of malicious scripts. 3. Employ Web Application Firewalls (WAFs) with rules tailored to detect and block XSS attack patterns targeting FortiADC management interfaces. 4. Restrict access to FortiADC administrative interfaces to trusted networks and VPNs, minimizing exposure to the internet. 5. Enforce multi-factor authentication (MFA) for all administrative access to reduce the risk of session hijacking. 6. Conduct user awareness training focused on recognizing phishing attempts and suspicious URLs to reduce the likelihood of user interaction with malicious links. 7. Regularly audit and monitor logs for unusual activity or repeated access attempts to the FortiADC web interface. 8. Consider network segmentation to isolate FortiADC devices from general user networks to limit lateral movement if compromised.