CVE-2025-10546
Awaiting Analysis Awaiting Analysis - Queue
BaseFortify

Publication date: 2025-09-16

Last updated on: 2025-09-18

Assigner: Indian Computer Emergency Response Team (CERT-In)

Description
This vulnerability exist in PPC 2K15X Router, due to improper input validation for the Common Gateway Interface (CGI) parameters at its web management portal. A remote attacker could exploit this vulnerability by injecting malicious JavaScript into the vulnerable parameter, leading to a reflected Cross-Site Scripting (XSS) attack on the targeted system.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-09-16
Last Modified
2025-09-18
Generated
2026-05-07
AI Q&A
2025-09-16
EPSS Evaluated
2026-05-05
NVD
CVE-2025-10546
EUVD
EUVD-2025-29571
Affected Vendors & Products
Currently, no data is known.
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-79 The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability exists in the PPC 2K15X Router due to improper input validation of Common Gateway Interface (CGI) parameters in its web management portal. A remote attacker can exploit this by injecting malicious JavaScript into the vulnerable parameter, resulting in a reflected Cross-Site Scripting (XSS) attack on the targeted system.


How can this vulnerability impact me? :

The vulnerability can allow a remote attacker to execute malicious JavaScript code in the context of the affected router's web management portal. This can lead to unauthorized actions, theft of sensitive information such as session cookies, or manipulation of the router's settings by tricking an authenticated user into executing the malicious script.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart