CVE-2025-25625
Last modified
CVE-2025-25625 is a medium-severity vulnerability rated 5.4/10 on the CVSS scale. A stored cross-site scripting vulnerability exists in FS model S3150-8T2F switches running firmware s3150-8t2f-switch-fsos-220d_118101 and web firmware v2.2.2, which allows an authenticated web interface user to bypass input filtering on user names, and stores un-sanitized HTML and Javascript on the device. Pages which then present the user name without encoding special characters will then cause the injected code to be parsed by the browsers of other users accessing the web interface.. EPSS estimates a 0.22% chance of exploitation in the next 30 days.
Description
A stored cross-site scripting vulnerability exists in FS model S3150-8T2F switches running firmware s3150-8t2f-switch-fsos-220d_118101 and web firmware v2.2.2, which allows an authenticated web interface user to bypass input filtering on user names, and stores un-sanitized HTML and Javascript on the device. Pages which then present the user name without encoding special characters will then cause the injected code to be parsed by the browsers of other users accessing the web interface.
Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Fs | S3150-8t2f Firmware | 2.2.2 |
| Fs | S3150-8t2f Firmware | s3150-8t2f-switch-fsos-220d_118101 |
References
Timeline
- Published
- Last Modified
- Status
- Analyzed
Frequently Asked Questions
What is CVE-2025-25625?
How severe is CVE-2025-25625?
How do I fix CVE-2025-25625?
Are you affected by CVE-2025-25625?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST