Cross-Site Scripting Vulnerability in Access Point by Vendor
CVE-2025-52687

2.4LOW

Key Information:

Vendor

Alcatel-lucent

Status
Omniaccess Stellar
Vendor
CVE Published:
16 July 2025

What is CVE-2025-52687?

This vulnerability allows an attacker with administrator credentials for the access point to execute malicious JavaScript within the context of the web traffic payload. This can lead to severe security implications, including session hijacking where attackers could impersonate legitimate users, and denial-of-service conditions affecting system availability. It is crucial for administrators to assess their security posture and apply necessary updates to mitigate the risks associated with this vulnerability.

Affected Version(s)

OmniAccess Stellar AP1100 AWOS versions 5.0.2 GA and earlier

OmniAccess Stellar AP1200 AWOS versions 5.0.2 GA and earlier

OmniAccess Stellar AP1300 AWOS versions 5.0.2 GA and earlier

References

https://www.csa.gov.sg/alerts-and-advisories/alerts/al-20...
https://www.al-enterprise.com/-/media/assets/internet/doc...

CVSS V3.1

Score:
2.4
Severity:
LOW
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Jay Turla
Japz Divino
Jerold Camacho
.
CVE-2025-52687 : Cross-Site Scripting Vulnerability in Access Point by Vendor