VDB
CVE-2025-40587
CVE-2025-40587
PUBLISHED
CVSS 7.599999904632568 HIGH
A vulnerability has been identified in Polarion V2404 (All versions < V2404.5), Polarion V2410 (All versions < V2410.2). The affected application allows arbitrary JavaScript code be included in document titles. This could allow an authenticated remote attacker to conduct a stored cross-site scripting attack by creating specially crafted document titles that are later viewed by other users of the application.
EPSS 0.02% · 6.2th percentile
Risk Scores
CVSS 3.1
7.599999904632568
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N
EPSS Score
0.02%
6.2th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Siemens | Polarion V2410 | 0, 0 |
| Siemens | Polarion V2404 | 0, 0 |
Exploit Intelligence
- CIRCL seen: CVE-2025-40587 (circl-sighting)
- CIRCL seen: CVE-2025-40587 (circl-sighting)
- https://cert-portal.siemens.com/productcert/html/ssa-035571.html (circl)
Timeline
- Apr 16, 2025 CVE ID Reserved
- Feb 10, 2026 EPSS Score
- Feb 10, 2026 CVE Published
- Feb 10, 2026 PoC Published
- Feb 10, 2026 CVE Updated
- Feb 12, 2026 EPSS Score
- Feb 12, 2026 PoC Published
- Feb 14, 2026 EPSS Score
- Feb 16, 2026 EPSS Score
- Feb 18, 2026 EPSS Score
- Feb 20, 2026 EPSS Score
- Feb 22, 2026 EPSS Score