Skip to main content

Cmc CVE-2025-40892

HIGH
Cross-site Scripting (XSS) (CWE-79)
2025-12-18 prodsec@nozominetworks.com
7.1
CVSS 4.0 · NVD
Share

Severity by source

NVD PRIMARY
7.1 HIGH
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:H/VA:H/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:H/VA:H/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
P
Scope
X

Lifecycle Timeline

1
Analysis Generated
Apr 14, 2026 - 10:26 vuln.today

DescriptionCVE.org

A Stored Cross-Site Scripting vulnerability was discovered in the Reports functionality due to improper validation of an input parameter. An authenticated user with report privileges can define a malicious report containing a JavaScript payload, or a victim can be socially engineered to import a malicious report template. When the victim views or imports the report, the XSS executes in their browser context, allowing the attacker to perform unauthorized actions as the victim, such as modify application data, disrupt application availability, and access limited sensitive information.

AnalysisAI

Stored cross-site scripting in Nozomi Networks CMC and Guardian allows authenticated users with report privileges to inject malicious JavaScript payloads into report definitions. When victims view or import these weaponized reports, the XSS executes in their browser context, enabling attackers to modify application data, disrupt availability, and access sensitive information. The vulnerability requires low-privilege authentication and user interaction (CVSS:4.0 score 7.1, PR:L/UI:P), with high integrity and availability impacts but limited confidentiality exposure. No public exploit identified at time of analysis, though the attack technique is well-understood and straightforward given the stored XSS nature.

Technical ContextAI

This is a stored (persistent) cross-site scripting vulnerability (CWE-79) affecting the Reports functionality in Nozomi Networks CMC (Central Management Console) and Guardian products. The vulnerability stems from insufficient input validation when processing report definition parameters. Unlike reflected XSS, stored XSS persists the malicious payload in the application's data store (report definitions or templates), making it more dangerous as it affects all users who subsequently interact with the poisoned data. The attack surface includes both direct creation of malicious reports by authenticated users and social engineering vectors where victims import externally-crafted report templates. The CVSS 4.0 vector indicates network-accessible exploitation (AV:N) with low attack complexity (AC:L) but requires low-level authentication (PR:L) and victim interaction (UI:P). The vulnerability affects both confidentiality and integrity across security boundaries (VC:L/VI:H, SC:L/SI:L), suggesting the XSS can impact other users' sessions beyond the immediate victim.

RemediationAI

Consult the official Nozomi Networks security advisory NN-2025:13-01 at https://security.nozominetworks.com/NN-2025:13-01 for specific patched versions and upgrade instructions for CMC and Guardian products. Organizations should upgrade to the vendor-recommended fixed versions as the primary remediation strategy. As an interim mitigation, restrict report creation and import privileges to a minimal set of trusted administrators, implement strict review processes for any externally-sourced report templates before importing, and educate users about the risks of importing untrusted report definitions. Additionally, review Siemens security advisory SSA-827968 at https://cert-portal.siemens.com/productcert/html/ssa-827968.html if using Siemens-branded products that incorporate Nozomi components. Deploy Content Security Policy (CSP) headers if feasible to provide defense-in-depth against XSS execution, though this should not replace patching.

More in Cmc

View all
CVE-2023-29245 CRITICAL
9.2 Sep 19

A SQL Injection vulnerability in Nozomi Networks Guardian and CMC, due to improper input validation in certain fields us

CVE-2026-31984 HIGH
8.7 Jul 09

Disk-exhaustion denial of service in Nozomi Networks Guardian and Central Management Console (CMC) lets a remote, unauth

CVE-2023-2567 HIGH
8.7 Sep 19

A SQL Injection vulnerability has been found in Nozomi Networks Guardian and CMC, due to improper input validation in ce

CVE-2023-23574 HIGH
8.7 Aug 09

A blind SQL Injection vulnerability in Nozomi Networks Guardian and CMC, due to improper input validation in the alerts_

CVE-2023-22378 HIGH
8.7 Aug 09

A blind SQL Injection vulnerability in Nozomi Networks Guardian and CMC, due to improper input validation in the sorting

CVE-2022-0551 HIGH
8.6 Mar 24

Improper Input Validation vulnerability in project file upload in Nozomi Networks Guardian and CMC allows an authenticat

CVE-2022-0550 HIGH
8.6 Mar 24

Improper Input Validation vulnerability in custom report logo upload in Nozomi Networks Guardian, and CMC allows an auth

CVE-2023-32649 HIGH
8.2 Sep 19

A Denial of Service (Dos) vulnerability in Nozomi Networks Guardian and CMC, due to improper input validation in certain

CVE-2023-22843 HIGH
7.3 Aug 09

An authenticated attacker with administrative access to the web management interface can inject malicious JavaScript cod

CVE-2026-33390 HIGH
7.2 Jul 09

Privilege escalation via configuration synchronization in Nozomi Networks Guardian and Central Management Console (CMC)

CVE-2025-40897 HIGH
7.2 Apr 15

Privilege escalation in Nozomi Networks Guardian and CMC Threat Intelligence module allows authenticated view-only users

CVE-2025-40898 HIGH
7.2 Dec 18

Path traversal in Nozomi Networks CMC and Guardian allows authenticated users with limited privileges to write arbitrary

Share

CVE-2025-40892 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy