Stored Cross-Site Scripting Vulnerability in Reports Functionality of Affected Product
CVE-2025-40892

7.1HIGH

Key Information:

Vendor: Nozomi Networks
Status: Guardian; Cmc
Vendor: CVE Published:; 18 December 2025

🔔 Create Nozomi Networks Vulnerability Alert

What is CVE-2025-40892?

A security weakness in the Reports feature allows authenticated users with specific privileges to create harmful reports containing JavaScript payloads. This vulnerability arises from inadequate input validation, enabling an attacker to socially engineer a victim into importing or viewing a malicious report. Once activated in the victim's browser context, the script can execute unauthorized actions, compromising application data, disrupting service availability, and potentially exposing sensitive information.

Affected Version(s)

CMC 0 < 25.5.0

Guardian 0 < 25.5.0

References

https://security.nozominetworks.com/NN-2025:13-01

CVSS V4

Score:

7.1

Severity:

HIGH

Confidentiality:

Low

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

Unknown

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 18, 2025
Vulnerability Reserved
Apr 16, 2025

Credit

This issue was found by Stefano Libero of Nozomi Networks Product Security team during an internal investigation.

JSON