Stored Cross-Site Scripting Vulnerability in Polarion by Siemens
CVE-2025-40587
6.2MEDIUM
Key Information:
- Vendor
Siemens
- Vendor
- CVE Published:
- 10 February 2026
What is CVE-2025-40587?
A vulnerability in Polarion allows authenticated attackers to exploit the application by embedding arbitrary JavaScript code within document titles. This opens a pathway for stored cross-site scripting attacks, where the crafted document titles are later accessed by other users, leading to potential security breaches.
Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.
Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.
Affected Version(s)
Polarion V2404 0
Polarion V2410 0
References
CVSS V4
Score:
6.2
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
Unknown
Timeline
Vulnerability published
Vulnerability Reserved