Cross-Site Scripting Vulnerability in Ericsson Indoor Connect Product
CVE-2025-40842

8.5HIGH

Key Information:

Vendor: Ericsson
Status: Indoor Connect 8855
Vendor: CVE Published:; 25 March 2026

What is CVE-2025-40842?

The Ericsson Indoor Connect 8855 is susceptible to a Cross-Site Scripting (XSS) vulnerability in versions released before 2025.Q3. This flaw allows attackers to potentially exploit the system, resulting in unauthorized access to sensitive information and the possibility to alter specific data. Users of affected versions should consider implementing security measures to mitigate risks and ensure their systems remain secure.

Affected Version(s)

Indoor Connect 8855 0

References

https://www.ericsson.com/en/about-us/security/psirt/secur...

https://www.ericsson.com/en/about-us/security/psirt/CVE-2...

CVSS V4

Score:

8.5

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

Unknown

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 25, 2026
Vulnerability Reserved
Apr 16, 2025

Credit

Telstra

CVE-2025-40842 Data

JSON