Cross-Site Scripting Flaw in Extreme Networks' ExtremeControl
CVE-2025-6235

5.3MEDIUM

Key Information:

Vendor: Extreme Networks
Status: Extremecontrol
Vendor: CVE Published:; 21 July 2025

🔔 Create Extreme Networks Vulnerability Alert

What is CVE-2025-6235?

A cross-site scripting vulnerability has been identified in the login interface of ExtremeControl prior to version 25.5.12. This vulnerability arises from inadequate validation of user inputs within HTML attributes, allowing attackers to inject malicious script code. If successfully exploited, the attack could execute scripts in a user's browser, potentially compromising sensitive user data and enabling unauthorized actions in the browser context.

Affected Version(s)

ExtremeControl 25.2.12 < 25.5.11

References

https://extreme-networks.my.site.com/

CVSS V4

Score:

5.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

Unknown

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 21, 2025
Vulnerability Reserved
Jun 18, 2025