Cross-Site Scripting Vulnerability in NEC Corporation UNIVERGE IX
CVE-2025-8153

5.1MEDIUM

Key Information:

Vendor: Nec Corporation
Status: Univerge Ix; Univerge Ix-r/ix-v
Vendor: CVE Published:; 17 September 2025

🔔 Create Nec Corporation Vulnerability Alert

What is CVE-2025-8153?

A cross-site scripting vulnerability exists in NEC Corporation's UNIVERGE IX, allowing attackers to inject arbitrary scripts into user browsers. This vulnerability is present from versions 9.5 through 10.11.6 and in the UNIVERGE IX-R/IX-V versions 1.3.16 and 1.3.21. Attackers can exploit this vulnerability to execute malicious scripts in the context of users' sessions, potentially leading to unauthorized actions and data theft. It is crucial for users of the affected products to apply the necessary security measures and updates to mitigate risks.

Affected Version(s)

UNIVERGE IX from Ver.9.5 to Ver.10.7

UNIVERGE IX from Ver.10.8.21 to Ver.10.8.36

UNIVERGE IX from Ver.10.9.11 to Ver.10.9.24

References

https://jpn.nec.com/security-info/secinfo/nv25-005_en.html

CVSS V4

Score:

5.1

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

Unknown

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 17, 2025
Vulnerability Reserved
Jul 25, 2025

Credit

RyotaK of GMO Flatt Security Inc.