CVE-2025-10235
BaseFortify
Publication date: 2025-09-11
Last updated on: 2026-04-29
Assigner: VulDB
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| scada-lts | scada-lts | up to 2.7.8.1 (inclusive) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
| CWE-94 | The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-10235 is a stored cross-site scripting (XSS) vulnerability in the Scada-LTS platform up to version 2.7.8.1, specifically in the Reports module's Colour field. An authenticated attacker can inject malicious HTML or JavaScript code into this field, which is then stored and executed whenever the report template is opened or edited by any user. This leads to persistent client-side code execution within the victim's browser session, allowing attacks such as session hijacking, data theft, and manipulation of the user interface. [1, 2, 3]
How can this vulnerability impact me?
Exploitation of this vulnerability can result in session hijacking, theft of sensitive data like CSRF tokens, user interface manipulation, and injection of rogue controls. In the context of SCADA/ICS environments, this can allow attackers to manipulate operator dashboards and interfere with industrial process monitoring and control, potentially leading to operational disruptions or unauthorized actions within critical infrastructure. [1, 2]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Because this is a stored XSS, detection is mainly a review of what is already persisted rather than a network signature. The flaw affects Scada-LTS up to and including version 2.7.8.1, and exploitation requires an authenticated account, so start by auditing which accounts can create or edit report templates. Then inspect the Colour field of every report template in the Reports module (reports.shtm): a legitimate value is a colour, such as a #RRGGBB code or a colour name, so any value containing <, >, quotes, or an event handler such as onerror= is suspect. Payloads of the form <img src=x onerror=alert(1)> are typical. Report definitions are held in the Scada-LTS database, so export the table that stores them (or take a full dump) and search the result; the same search works over any exported configuration. On Linux, for example (replace the path with the location of your dump or export):

grep -r -i -e '<script' -e 'onerror=' -e 'onload=' /path/to/scada-lts/export

For network-side detection, monitor requests to /reports.shtm for the same characters in the Colour parameter, with one caveat: a standard web-server access log records the request line but not POST bodies, so if the field is submitted in a body the check has to run at a reverse proxy or WAF that logs bodies, or inside the application. A hit in request logs indicates an exploitation attempt; a hit in stored data indicates a successful one. [1, 2, 3]
What immediate steps should I take to mitigate this vulnerability?
Exploitation requires valid credentials, so first restrict the Reports module to trusted authenticated users and review existing report templates for suspicious Colour values before anyone opens or edits them. On the application side, validate the Colour field against a strict pattern, such as a hexadecimal colour code (#RRGGBB) or a fixed list of colour names, and reject everything else; encode the value on output with a safe mechanism such as the JSP <c:out> tag rather than a raw expression; and on the client avoid assigning untrusted data through innerHTML, using textContent or a sanitizer such as DOMPurify instead. A Content Security Policy that disallows inline scripts limits what an injected payload can do if one does get through. At the time of writing no official patch or vendor response was available, so if these controls cannot be applied, consider isolating the affected Scada-LTS instance or replacing it. [2, 3]
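The following is an added example, not Scada-LTS project code, covering both the detection sweep described above and the validate-and-escape mitigation. It models a report template as rows of {id, name, colour} (the field names and the set of accepted colour names are assumptions), flags stored Colour values that are not plain colours, shows the unsafe rendering pattern the advisory describes, and then the hardened equivalent that allow-lists the Colour field and escapes free text in the way <c:out> would.

```javascript
"use strict";

// Constructed sample rows. Rows 3 and 4 carry the kind of payload an
// attacker would store in the Colour field; the field names are assumed.
const SAMPLE_REPORTS = [
  { id: 1, name: "Boiler temperatures", colour: "#FF0000" },
  { id: 2, name: "Pump status",         colour: "green" },
  { id: 3, name: "Tank level",          colour: "<img src=x onerror=alert(1)>" },
  { id: 4, name: "Flow <b>rate</b>",    colour: "#0f0\" onmouseover=\"alert(1)" },
];

// Allow-list for the Colour field: #RGB / #RRGGBB, or one of a small set of
// named colours (the set itself is an assumption for this example).
const HEX_COLOUR = /^#(?:[0-9a-fA-F]{3}|[0-9a-fA-F]{6})$/;
const NAMED_COLOURS = new Set([
  "black", "white", "red", "green", "blue", "yellow", "orange", "grey", "gray",
]);

function isValidColour(value) {
  return typeof value === "string" &&
    (HEX_COLOUR.test(value) || NAMED_COLOURS.has(value.toLowerCase()));
}

// Detection sweep over already-stored rows: a Colour field has no legitimate
// reason to hold markup, quotes or event handlers, so anything that fails the
// allow-list is reported for manual review.
function findSuspiciousColours(reports) {
  return reports
    .filter((r) => !isValidColour(r.colour))
    .map((r) => ({ id: r.id, colour: r.colour }));
}

// Vulnerable pattern (kept deliberately unsafe to show the problem): the
// stored value is interpolated straight into markup, so a Colour of
// `<img ... onerror=...>` becomes live HTML and a value containing a quote
// breaks out of the style attribute.
function renderUnsafe(report) {
  return `<span style="color:${report.colour}">${report.name}</span>`;
}

// Minimal HTML escaper for text and attribute values (the equivalent of
// JSP <c:out>, or of assigning through textContent on the client).
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (c) => ({
    "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;",
  })[c]);
}

// Write path: reject a submission whose Colour is not a plain colour.
function acceptColourInput(value) {
  if (!isValidColour(value)) {
    throw new Error("Colour must be #RGB, #RRGGBB or a named colour");
  }
  return value;
}

// Read path (defence in depth for rows stored before validation existed):
// fall back to a default colour rather than emitting an invalid value, and
// escape the free-text name.
const DEFAULT_COLOUR = "black";
function renderSafe(report) {
  const colour = isValidColour(report.colour) ? report.colour : DEFAULT_COLOUR;
  return `<span style="color:${colour}">${escapeHtml(report.name)}</span>`;
}

// Demo: list the suspicious rows, then compare both renderings per row.
console.log("suspicious rows:", findSuspiciousColours(SAMPLE_REPORTS));
for (const r of SAMPLE_REPORTS) {
  console.log(`row ${r.id} unsafe: ${renderUnsafe(r)}`);
  console.log(`row ${r.id} safe:   ${renderSafe(r)}`);
}
```

Run with node. The sweep reports rows 3 and 4; renderUnsafe shows the img tag and the attribute break-out verbatim, while renderSafe emits only a default colour and escaped text for those rows. The same isValidColour check is what a server-side validator on reports.shtm would apply before persisting the field.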
Immediate mitigation steps include restricting access to the Reports module to trusted authenticated users only, as exploitation requires valid credentials. Avoid using or opening report templates that may contain malicious Colour field inputs. Implement input validation to restrict the Colour field to only accept strict patterns such as hexadecimal color codes (#RRGGBB) or known color names, rejecting all other inputs. Apply server-side encoding or escaping of user inputs using safe methods like JSP <c:out> tags instead of raw expressions. Avoid client-side usage of innerHTML for untrusted data; use textContent or sanitize inputs with libraries like DOMPurify. Additionally, implement Content Security Policy (CSP) headers to reduce the impact of any injected scripts. Since no official patch or vendor response is available, consider isolating or replacing the affected Scada-LTS version if possible. [2, 3]