Cross-Site Scripting Vulnerability in Access Point by Vendor
CVE-2025-52687

2.4LOW

Key Information:

Vendor: Alcatel-lucent
Status: Omniaccess Stellar
Vendor: CVE Published:; 16 July 2025

🔔 Create Alcatel-lucent Vulnerability Alert

What is CVE-2025-52687?

This vulnerability allows an attacker with administrator credentials for the access point to execute malicious JavaScript within the context of the web traffic payload. This can lead to severe security implications, including session hijacking where attackers could impersonate legitimate users, and denial-of-service conditions affecting system availability. It is crucial for administrators to assess their security posture and apply necessary updates to mitigate the risks associated with this vulnerability.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

OmniAccess Stellar AP1100 AWOS versions 5.0.2 GA and earlier

OmniAccess Stellar AP1200 AWOS versions 5.0.2 GA and earlier

OmniAccess Stellar AP1300 AWOS versions 5.0.2 GA and earlier

References

https://www.csa.gov.sg/alerts-and-advisories/alerts/al-20...

https://www.al-enterprise.com/-/media/assets/internet/doc...

CVSS V3.1

Score:

2.4

Severity:

LOW

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Jul 16, 2025
Vulnerability Reserved
Jun 19, 2025

Credit

Jay Turla

Japz Divino

Jerold Camacho

JSON

Alcatel-lucent