CVE-2025-6185
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-07-18

Last updated on: 2025-07-22

Assigner: ICS-CERT

Description
Leviton AcquiSuite and Energy Monitoring Hub are susceptible to a cross-site scripting vulnerability, allowing an attacker to craft a malicious payload in URL parameters, which would execute in a client browser when accessed by a user, steal session tokens, and control the service.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-07-18
Last Modified
2025-07-22
Generated
2026-05-07
AI Q&A
2025-07-18
EPSS Evaluated
2026-05-05
NVD
CVE-2025-6185
EUVD
EUVD-2025-21832
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
leviton acquisuite *
leviton energy_monitoring_hub *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-79 The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability is a cross-site scripting (XSS) issue in Leviton AcquiSuite and Energy Monitoring Hub. An attacker can create a malicious payload within URL parameters that, when accessed by a user, executes in the user's browser. This execution can steal session tokens and allow the attacker to control the service.


How can this vulnerability impact me? :

The vulnerability can lead to unauthorized access by allowing attackers to steal session tokens and take control of the affected service. This can result in compromised user accounts, unauthorized actions, and potential disruption or misuse of the service.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart