CVE-2025-9137
BaseFortify
Publication date: 2025-08-19
Last updated on: 2026-04-29
Assigner: VulDB
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| scada-lts | scada-lts | 2.7.8.1 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-94 | The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment. |
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
AI Powered Q&A
How can this vulnerability impact me?
This vulnerability can allow attackers to execute malicious scripts in users' browsers, potentially leading to session hijacking, malware downloads, browser hijacking, credential theft, sensitive information disclosure, website defacement, user misdirection, and damage to the reputation of affected businesses. However, the vendor notes that exploitation scenarios typically require admin permissions, which already grant broad control, so the overall risk from this vulnerability alone is considered minimal. [1, 2]
Can you explain this vulnerability to me?
CVE-2025-9137 is a stored cross-site scripting (XSS) vulnerability in Scada-LTS version 2.7.8.1, specifically in the scheduled_events.shtm file. It occurs because the 'alias' parameter is not properly validated or sanitized, allowing attackers to inject malicious scripts that are stored on the server and executed in users' browsers when they access the affected page. Exploitation requires some user interaction and generally administrative privileges, as admins have full control over HTML and JavaScript in the system. [1, 2]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by testing the scheduled_events.shtm endpoint for improper sanitization of the "alias" parameter. A practical detection method is to attempt injecting a simple XSS payload such as `<img src=x onerror=alert(1)>` into the Alias field on the scheduled_events.shtm page and then saving it. If the payload executes when the page is loaded, the vulnerability is present. There are no specific network commands provided, but manual testing via the web interface or automated web vulnerability scanners targeting stored XSS in this parameter can be used. [2]
What immediate steps should I take to mitigate this vulnerability?
No known countermeasures or mitigations are currently recommended by the vendor or researchers. The vendor notes that the risk is minimal because exploitation generally requires admin privileges, and admin users inherently have full control over HTML and JavaScript in the system. The suggested immediate step is to consider replacing the affected component with an alternative product. Additionally, restricting admin access to trusted users and monitoring for suspicious activity may help reduce risk. [1]