Cross-Site Scripting Vulnerability in NEC Corporation UNIVERGE IX
CVE-2025-8153

5.1MEDIUM

Key Information:

Vendor: Nec Corporation
Status: Univerge Ix; Univerge Ix-r/ix-v
Vendor: CVE Published:; 17 September 2025

🔔 Create Nec Corporation Vulnerability Alert

What is CVE-2025-8153?

A cross-site scripting vulnerability exists in NEC Corporation's UNIVERGE IX, allowing attackers to inject arbitrary scripts into user browsers. This vulnerability is present from versions 9.5 through 10.11.6 and in the UNIVERGE IX-R/IX-V versions 1.3.16 and 1.3.21. Attackers can exploit this vulnerability to execute malicious scripts in the context of users' sessions, potentially leading to unauthorized actions and data theft. It is crucial for users of the affected products to apply the necessary security measures and updates to mitigate risks.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

UNIVERGE IX from Ver.9.5 to Ver.10.7

UNIVERGE IX from Ver.10.8.21 to Ver.10.8.36

UNIVERGE IX from Ver.10.9.11 to Ver.10.9.24

References

https://jpn.nec.com/security-info/secinfo/nv25-005_en.html

CVSS V4

Score:

5.1

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

Unknown

Timeline

Vulnerability published
Sep 17, 2025
Vulnerability Reserved
Jul 25, 2025

Credit

RyotaK of GMO Flatt Security Inc.

JSON

Nec Corporation

What is CVE-2025-8153?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V4

Timeline

Credit

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.