Cross-Site Scripting Vulnerability in Leviton AcquiSuite and Energy Monitoring Hub
CVE-2025-6185

8.7HIGH

Key Information:

Vendor: Leviton
Status: Acquisuite; Energy Monitoring Hub
Vendor: CVE Published:; 18 July 2025

What is CVE-2025-6185?

Leviton AcquiSuite and Energy Monitoring Hub are affected by a cross-site scripting vulnerability. This issue occurs when an attacker is able to inject malicious scripts through URL parameters. When a user inadvertently accesses the crafted URL, the script can execute in their browser, leading to the potential theft of session tokens and unauthorized control over the affected services. This vulnerability poses significant security risks for users, highlighting the need for immediate attention and remedial measures.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

AcquiSuite Version A8810

Energy Monitoring Hub Version A8812

References

https://www.cisa.gov/news-events/ics-advisories/icsa-25-1...

https://leviton.com/support/resources/product-support

CVSS V4

Score:

8.7

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

Physical

Privileges Required:

Undefined

User Interaction:

Unknown

Timeline

Vulnerability published
Jul 18, 2025

JSON

Leviton