Stored Cross-Site Scripting Vulnerability in MiR Robots by Mobile Industrial Robots
CVE-2025-9225

5.5MEDIUM

Key Information:

Vendor: Mobile Industrial Robots
Status: Mir Robots; Mir Fleet
Vendor: CVE Published:; 20 August 2025

🔔 Create Mobile Industrial Robots Vulnerability Alert

What is CVE-2025-9225?

A stored cross-site scripting (XSS) vulnerability exists in the web interface of MiR software, affecting versions prior to 3.0.0 for MiR Robots and MiR Fleet. This flaw permits attackers to inject arbitrary JavaScript code, which can be executed in the browser of users accessing the interface. Successful exploitation of this vulnerability could lead to unauthorized actions performed in the context of the victim’s session, posing significant security risks.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

MiR Fleet 0 < 3.0.0

MiR Robots 0 < 3.0.0

References

https://mobile-industrial-robots.com/security-advisories/...

vendor-advisory

https://supportportal.mobile-industrial-robots.com/docume...

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Aug 20, 2025
Vulnerability Reserved
Aug 20, 2025

Credit

Lockheed Martin Red Team

JSON

Mobile Industrial Robots