Scada-LTS
CVE-2025-7728
LOW
Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
Description (CVE.org)
A vulnerability classified as problematic has been found in Scada-LTS up to 2.7.8.1. Affected is an unknown function of the file users.shtm. The manipulation of the argument Username leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this issue and confirmed that it will be fixed in the upcoming release 2.8.0.
Analysis (AI)
Stored cross-site scripting (XSS) in Scada-LTS up to 2.7.8.1 allows authenticated users to inject malicious scripts via the Username parameter in the users.shtm file, enabling session hijacking or credential theft when administrators view affected user profiles. The vulnerability requires user interaction (clicking a malicious link) and authenticated access, resulting in low integrity impact. Public exploit code exists, though active exploitation has not been confirmed beyond disclosure. The vendor confirmed remediation in version 2.8.0.
Technical Context (AI)
Scada-LTS is an open-source industrial control system (ICS) supervisory control and data acquisition platform. The vulnerability stems from improper input validation in the users.shtm administrative interface, where the Username parameter fails to sanitize or escape user-supplied input before rendering it in HTML responses. This is classified as stored XSS (CWE-79), meaning the malicious payload is persisted in the application state and executed whenever the affected page is accessed. The attack vector is network-based and requires authentication at the application level, limiting exposure to users with valid credentials.
Remediation (AI)
Upgrade Scada-LTS to version 2.8.0 or later as confirmed by the vendor. If immediate upgrade is not feasible, apply strict input validation and output encoding to the users.shtm file, specifically sanitizing the Username parameter using a context-aware encoding library (such as OWASP ESAPI or Angular/React built-in XSS prevention) before rendering in HTML contexts. Additionally, implement a Content Security Policy (CSP) header with script-src 'self' to mitigate the impact of any injected XSS payloads. Restrict access to the users.shtm administrative interface to a minimal set of trusted administrative accounts and monitor administrative interface access logs for suspicious activity. These compensating controls do not eliminate the vulnerability but significantly raise the barrier for successful exploitation.
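The output-encoding and review steps above, sketched as an added example (not Scada-LTS code and not from the vendor): it encodes a username for HTML body and quoted-attribute contexts, and audits an exported list of usernames for characters that need encoding. The function names, the table-row markup and the sample usernames are assumptions made for illustration.

```python
import html
import re

# Characters that change meaning in HTML body or quoted-attribute contexts.
HTML_SIGNIFICANT = re.compile(r"[<>&\"']")

# Header name and value from the remediation text above.
CSP_HEADER = ("Content-Security-Policy", "script-src 'self'")


def encode_for_html(username: str) -> str:
    """Encode a username for an HTML body or a quoted attribute value."""
    return html.escape(username, quote=True)


def render_user_row(username: str) -> str:
    """Hypothetical table row: the name appears as text and in an attribute."""
    safe = encode_for_html(username)
    return f'<tr><td title="{safe}">{safe}</td></tr>'


def audit_usernames(usernames):
    """Return (username, offending characters) for names that need review."""
    findings = []
    for name in usernames:
        hits = sorted(set(HTML_SIGNIFICANT.findall(name)))
        if hits:
            findings.append((name, hits))
    return findings


# Constructed sample data, not taken from any real Scada-LTS instance.
SAMPLE_USERNAMES = [
    "admin",
    "operator-2",
    "<b>ops</b>",
    'night "B" shift',
    "O'Brien & Sons",
]

if __name__ == "__main__":
    for name, chars in audit_usernames(SAMPLE_USERNAMES):
        print(f"review: {name!r} contains {chars}")
        print("  rendered as:", render_user_row(name))
    print("response header:", ": ".join(CSP_HEADER))
```

Usernames flagged by the audit are candidates for manual review; the encoded rendering shows how each would appear once output encoding is in place.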