Cross-site Scripting Vulnerability in NEC Corporation UNIVERGE IX and Compatible Models
CVE-2025-11546

9.3CRITICAL

Key Information:

Vendor

Nec Corporation

Status
Clusterpro X For Linux (expresscluster X For Linux)
Clusterpro X Singleserversafe For Linux (expresscluster X Singleserversafe For Linux)
Vendor
CVE Published:
7 November 2025

What is CVE-2025-11546?

A Cross-site Scripting vulnerability in NEC Corporation's UNIVERGE IX products allows attackers to send carefully crafted network packets. This may lead to the execution of arbitrary OS commands without the need for authentication, exposing systems to potential exploitation and data breaches.

Affected Version(s)

CLUSTERPRO X for Linux (EXPRESSCLUSTER X for Linux) 4.0, 4.1, 4.2, 5.0, 5.1 and 5.2

CLUSTERPRO X SingleServerSafe for Linux (EXPRESSCLUSTER X SingleServerSafe for Linux) 4.0, 4.1, 4.2, 5.0, 5.1 and 5.2

References

https://jpn.nec.com/security-info/secinfo/nv25-006_en.html

CVSS V4

Score:
9.3
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.
CVE-2025-11546 : Cross-site Scripting Vulnerability in NEC Corporation UNIVERGE IX and Compatible Models