Which versions of Beghelli SicuroWeb are affected by EUVD-2026-25075?

Beghelli Sicuro24 SicuroWeb contains a critical template injection vulnerability exploitable via network-adjacent man-in-the-middle attacks on unencrypted HTTP connections, allowing attackers to…

Is there a public PoC exploit available for EUVD-2026-25075?

Yes, a public proof-of-concept exploit is available for EUVD-2026-25075. Prioritise patching immediately. EPSS: 0.1%.

Beghelli SicuroWeb EUVD-2026-25075

Q: What is the CVSS score of EUVD-2026-25075?

EUVD-2026-25075 has a CVSS 4.0 base score of 9.3 (Critical). CVSS vector: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:L/SC:H/SI:H/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.1%.

| CVE-2026-41468 CRITICAL

Use of Unmaintained Third Party Components (CWE-1104)

2026-04-22 VulnCheck

GHSA-rc26-p9p7-95f8

Code Injection Sicuroweb Sicuro24

9.3

CVSS 4.0

CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:L/SC:H/SI:H/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Adjacent

Attack Complexity

Low

Privileges Required

None

User Interaction

Scope

Lifecycle Timeline

Analysis Generated

Apr 23, 2026 - 06:46 vuln.today

PoC Detected

Apr 22, 2026 - 21:18 vuln.today

Public exploit code

CVSS changed

Apr 22, 2026 - 19:22 NVD

9.3 (CRITICAL)

EUVD ID Assigned

Apr 22, 2026 - 18:31 euvd

EUVD-2026-25075

Analysis Generated

Apr 22, 2026 - 18:31 vuln.today

CVE Published

Apr 22, 2026 - 18:04 nvd

CRITICAL 9.3

DescriptionNVD

Beghelli Sicuro24 SicuroWeb embeds AngularJS 1.5.2, an end-of-life component containing known sandbox escape primitives. When combined with template injection present in the same application, these primitives allow attackers to escape the AngularJS sandbox and achieve arbitrary JavaScript execution in operator browser sessions, enabling session hijacking, DOM manipulation, and persistent browser compromise. Network-adjacent attackers can deliver the complete injection and escape chain via MITM in plaintext HTTP deployments without active user interaction.

AnalysisAI

Template injection combined with AngularJS 1.5.2 sandbox escape primitives in Beghelli Sicuro24 SicuroWeb enables arbitrary JavaScript execution in operator browsers, leading to session hijacking and persistent compromise. Network-adjacent attackers can exploit this via MITM on plaintext HTTP deployments requiring only passive user interaction. …

RemediationAI

Within 24 hours: Identify all Beghelli Sicuro24 SicuroWeb deployments and verify TLS enforcement-disable HTTP access entirely and enforce HTTPS-only communication; audit logs for suspicious JavaScript execution or session anomalies. Within 7 days: Implement network segmentation to restrict SicuroWeb administrator access to dedicated VLANs with egress filtering; rotate all operator session credentials and enforce multi-factor authentication if supported. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

EUVD-2026-25075 vulnerability details – vuln.today

Back

Beghelli SicuroWeb EUVD-2026-25075

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Analysis

Full analysis requires sign-in

Share

Beghelli SicuroWeb EUVD-2026-25075

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

Share

External POC / Exploit Code