Cross Site Scripting Vulnerability in Trimble SPS851 Ethernet Configuration Menu
CVE-2025-0220

5.1MEDIUM

Key Information:

Vendor: Trimble
Status: Sps851
Vendor: CVE Published:; 5 January 2025

What is CVE-2025-0220?

A vulnerability exists in the Trimble SPS851 version 488.01, affecting its Ethernet Configuration Menu. Specifically, the manipulation of the argument 'Hostname' can lead to cross site scripting (XSS), allowing for remote attacks. This publicly disclosed exploit poses risks as it can be initiated without local access. The vendor, Trimble, was informed about this vulnerability but has not issued any responses or mitigations.