Cross-Site Scripting Vulnerability in Mendix RichText Widget
CVE-2025-40834

6.8 MEDIUM

Key Information:

Vendor

Siemens

CVE Published:
17 November 2025

What is CVE-2025-40834?

A serious vulnerability has been found in the Mendix RichText widget, affecting all versions from 4.0.0 up to but not including 4.6.1. Because user input is inadequately sanitized, the widget is vulnerable to cross-site scripting: an attacker can inject arbitrary scripts into web pages that are then viewed by other users, compromising user data and application security. Proper input sanitization is crucial to mitigate these risks and protect your applications.

Affected Version(s)

Mendix RichText V4.0.0

References

CVSS V4

Score: 6.8
Severity: MEDIUM
Confidentiality: High
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Attack Requirements: None
Privileges Required: Undefined
User Interaction: Unknown

Timeline

  • Vulnerability published

  • Vulnerability Reserved
