
CVE-2025-40892

CVE-2025-40892 · PUBLISHED · CVSS 7.1 HIGH

A Stored Cross-Site Scripting vulnerability was discovered in the Reports functionality due to improper validation of an input parameter. An authenticated user with report privileges can define a malicious report containing a JavaScript payload, or a victim can be socially engineered to import a malicious report template. When the victim views or imports the report, the XSS executes in their browser context, allowing the attacker to perform unauthorized actions as the victim, such as modifying application data, disrupting application availability, and accessing limited sensitive information.

EPSS 0.03% · 9.9th percentile

Risk Scores

CVSS 4.0: 7.1
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:H/VA:H/SC:L/SI:L/SA:L
EPSS Score: 0.03% · 9.9th percentile

Affected Products

| Vendor | Product | Versions |
|---|---|---|
| Nozomi Networks | CMC | 0, 0 |
| Nozomi Networks | Guardian | 0, 0 |
| nozominetworks | guardian | 0, 0 |
| Siemens | RUGGEDCOM APE1808 | 0 |
| nozomi_networks | cmc | 0, 0 |
| nozomi_networks | guardian | 0, 0 |
| nozominetworks | cmc | 0, 0 |

Timeline

  • Dec 18, 2025 CVE Published
  • Dec 19, 2025 EPSS Score
  • Dec 23, 2025 EPSS Score
  • Dec 27, 2025 EPSS Score
  • Dec 31, 2025 EPSS Score
  • Jan 3, 2026 EPSS Score
  • Jan 6, 2026 PoC Published
  • Jan 7, 2026 EPSS Score
  • Jan 11, 2026 EPSS Score
  • Jan 15, 2026 EPSS Score
  • Jan 19, 2026 EPSS Score
  • Jan 23, 2026 EPSS Score