How to fix CVE-2025-2212?

During next maintenance window: Apply vendor patches when convenient. Verify cross-site scripting controls are in place.

Is Castlenet CBW383G2N affected by CVE-2025-2212?

CVE-2025-2212 is a low-severity vulnerability in Castlenet CBW383G2N involving cross-site scripting (CVSS 2.4). The limited severity suggests constrained impact, typically requiring specific conditions or local access for exploitation.

Castlenet CBW383G2N CVE-2025-2212

LOW

Cross-site Scripting (XSS) (CWE-79)

2025-03-11 [email protected]

XSS

2.4

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

High

User Interaction

Required

Scope

Unchanged

Confidentiality

None

Integrity

Low

Availability

None

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 19:52 vuln.today

CVE Published

Mar 11, 2025 - 23:15 nvd

LOW 2.4

DescriptionNVD

A vulnerability was found in Castlenet CBW383G2N up to 20250301. It has been classified as problematic. This affects an unknown part of the file /RgSwInfo.asp. The manipulation of the argument Description with the input <img/src/onerror=prompt(8)> leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. The vendor was contacted early about this disclosure but did not respond in any way.

AnalysisAI

A vulnerability was found in Castlenet CBW383G2N versions up to 20250301. is affected by cross-site scripting (xss) (CVSS 2.4).

Technical ContextAI

This vulnerability (CWE-79: Cross-site Scripting (XSS)) affects A vulnerability was found in Castlenet CBW383G2N. was found in Castlenet CBW383G2N up to 20250301. It has been classified as problematic. This affects an unknown part of the file /RgSwInfo.asp. The manipulation of the argument Description with the input <img/src/onerror=prompt(8)> leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. The vendor was contacted early about this disclosure but did not respond in any way

Affected ProductsAI

Product: A vulnerability was found in Castlenet CBW383G2N. Versions: up to 20250301..

RemediationAI

Monitor vendor advisories for a patch. Implement output encoding and Content Security Policy headers. Restrict network access to the affected service where possible.

CVE-2025-2212 vulnerability details – vuln.today

Back