CVE-2025-46215

Published: Nov 18, 2025Modified: Nov 20, 2025

5.3

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Exploitability: 3.9 / Impact: 1.4

Source: psirt@fortinet.com (Secondary)

Description

An Improper Isolation or Compartmentalization vulnerability [CWE-653] in Fortinet FortiSandbox 5.0.0 through 5.0.1, FortiSandbox 4.4.0 through 4.4.7, FortiSandbox 4.2 all versions, FortiSandbox 4.0 all versions may allow an unauthenticated attacker to evade the sandboxing scan via a crafted file.

Affected (2)

Products: Fortinet: Fortisandbox

1 product

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Fortinet Fortisandbox	From 4.0.0 to 4.4.8
Fortinet Fortisandbox	From 5.0.0 to 5.0.2

Related CWEs

Improper Isolation or Compartmentalization

The product does not properly compartmentalize or isolate functionality, processes, or resources that require different privilege levels, rights, or permissions.

References (1)

https://fortiguard.fortinet.com/psirt/FG-IR-24-501

Source: psirt@fortinet.com

Vendor Advisory

Timeline

No history available yet.