CVE-2025-40892 — Vulnetix

Try Vulnetix Request Demo

CVE-2025-40892 PUBLISHED CVSS 7.099999904632568 HIGH

A Stored Cross-Site Scripting vulnerability was discovered in the Reports functionality due to improper validation of an input parameter. An authenticated user with report privileges can define a malicious report containing a JavaScript payload, or a victim can be socially engineered to import a malicious report template. When the victim views or imports the report, the XSS executes in their browser context, allowing the attacker to perform unauthorized actions as the victim, such as modify application data, disrupt application availability, and access limited sensitive information.

EPSS 0.05% · 15.7th percentile

Risk Scores

CVSS v4.0

7.099999904632568

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:H/VA:H/SC:L/SI:L/SA:L

EPSS Score

0.05%

15.7th percentile

Affected Products

Vendor	Product	Versions
Nozomi Networks	CMC	0
Nozomi Networks	Guardian	0
nozominetworks	guardian	0
nozomi_networks	cmc	0
nozomi_networks	guardian	0
nozominetworks	cmc	0

Timeline

Apr 16, 2025 CVE ID Reserved
Dec 18, 2025 CVE Published
Dec 19, 2025 EPSS Score
Dec 22, 2025 EPSS Score
Dec 26, 2025 EPSS Score
Dec 29, 2025 EPSS Score
Jan 1, 2026 EPSS Score
Jan 5, 2026 EPSS Score
Jan 8, 2026 EPSS Score
Jan 11, 2026 EPSS Score
Jan 14, 2026 EPSS Score
Jan 18, 2026 EPSS Score

References

Open in Interactive Console →