CVE-2025-9145
BaseFortify
Publication date: 2025-08-19
Last updated on: 2026-04-29
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| scada-lts | scada-lts | 2.7.8.1 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-94 | The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment. |
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-9145 is a Stored Cross-Site Scripting (XSS) vulnerability in Scada-LTS version 2.7.8.1, specifically in the view_edit.shtm endpoint of the SVG File Handler component. It occurs because the backgroundImageMP parameter, which accepts SVG file uploads, is not properly validated or sanitized. Attackers can upload a malicious SVG file containing embedded JavaScript code that is stored on the server and executed automatically when the affected page is accessed, allowing arbitrary script execution in the victim's browser. [1, 2]
How can this vulnerability impact me? :
This vulnerability can lead to session cookie theft, browser hijacking, credential theft, malware distribution, unauthorized data access, website defacement, user misdirection, and reputational damage to businesses. Essentially, attackers can execute malicious scripts in users' browsers remotely, potentially compromising user data and system integrity. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by checking for the presence of malicious SVG files uploaded via the backgroundImageMP parameter on the view_edit.shtm page of Scada-LTS 2.7.8.1. One approach is to look for SVG files containing embedded <script> tags or suspicious JavaScript code. For example, you can search the server's upload directories for SVG files containing the <script> tag using a command like: grep -rl '<script>' /path/to/uploads/*.svg. Additionally, monitoring HTTP requests to the view_edit.shtm endpoint for unusual or suspicious payloads in the backgroundImageMP parameter can help detect exploitation attempts. Network intrusion detection systems (NIDS) can be configured to alert on such patterns. However, no specific detection commands are provided in the resources. [1, 2]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include preventing the upload or execution of malicious SVG files by restricting or sanitizing the backgroundImageMP parameter input. Since no known countermeasures or patches are currently available, it is suggested to consider replacing the affected component or product. Additionally, restricting user permissions to limit who can upload files, implementing input validation and sanitization on the server side, and monitoring for suspicious activity are recommended. Applying web application firewalls (WAF) rules to block malicious scripts in SVG files may also help reduce risk until a fix is available. [2]