CVE-2025-40894
HTML injection in Alerted Nodes Dashboard in Guardian/CMC before 25.6.0
Severity Score
2.1
*CVSS v4
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
Track
*SSVC
Descriptions
A Stored HTML Injection vulnerability was discovered in the Alerted Nodes Dashboard functionality due to improper validation on an input parameter. A malicious authenticated user with the required privileges could edit a node label to inject HTML tags. If the system is configured to use the Alerted Nodes Dashboard, and alerts are reported for the affected node, then the injected HTML may render in the browser of a victim user interacting with it, enabling phishing and possibly open redirect attacks. Full XSS exploitation and direct information disclosure are prevented by the existing input validation and Content Security Policy configuration.
*Credits:
This issue was found by Stefano Libero of Nozomi Networks Product Security team during an internal investigation.
CVSS Scores
Attack Vector
Attack Complexity
Attack Requirements
Privileges Required
User Interaction
System
Vulnerable | Subsequent
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:Track
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2025-04-16 CVE Reserved
- 2026-03-04 CVE Published
- 2026-03-04 CVE Updated
- ---------- EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CAPEC
- CAPEC-592: Stored XSS
References (1)
| URL | Tag | Source |
|---|---|---|
| https://security.nozominetworks.com/NN-2025:16-01 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Nozomi Networks Search vendor "Nozomi Networks" | Guardian Search vendor "Nozomi Networks" for product "Guardian" | < 25.6.0 Search vendor "Nozomi Networks" for product "Guardian" and version " < 25.6.0" | en |
Affected
| ||||||
| Nozomi Networks Search vendor "Nozomi Networks" | CMC Search vendor "Nozomi Networks" for product "CMC" | < 25.6.0 Search vendor "Nozomi Networks" for product "CMC" and version " < 25.6.0" | en |
Affected
| ||||||