CVE-2025-8765
BaseFortify
Publication date: 2025-08-09
Last updated on: 2026-04-29
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| datacom | dm955_5gt_1200 | 825.8010.00 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-94 | The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment. |
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-8765 is a cross-site scripting (XSS) vulnerability in the Datacom DM955 5GT 1200 device, version 825.8010.00, specifically in the Wireless Basic Settings component. It occurs because the SSID argument does not properly neutralize user input, allowing an attacker to inject malicious scripts. These scripts can then be executed in the context of the device's management interface when viewed by other users. The attack can be launched remotely but requires some user interaction. [1, 2]
How can this vulnerability impact me? :
This vulnerability can impact you by allowing an attacker to execute malicious scripts within the management interface of the affected device. This can lead to data integrity issues, such as unauthorized manipulation or theft of information displayed or processed by the device. Since the attack is remotely exploitable and involves user interaction, it can be used to compromise the security of the device and potentially the network it manages. [1, 2]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by checking if the Wireless Basic Settings SSID field in the Datacom DM955 5GT 1200 device (version 825.8010.00) is vulnerable to cross-site scripting (XSS) by attempting to inject a script such as `<script>alert(1)</script>` into the SSID field and observing if it executes in the management interface. There are no specific commands provided for detection, but manual testing of the SSID input field for script injection is suggested. [2]
What immediate steps should I take to mitigate this vulnerability?
No known countermeasures or mitigations currently exist for this vulnerability. The suggested immediate step is to replace the affected product to mitigate the risk of exploitation. [1]