CVE-2025-34259
BaseFortify
Publication date: 2025-12-05
Last updated on: 2025-12-17
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| advantech | wise-deviceon_server | to 5.4 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a stored cross-site scripting (XSS) issue in Advantech WISE-DeviceOn Server versions prior to 5.4. It occurs in the /rmm/v1/devicemap/building endpoint where an authenticated user can create a map entry with a name parameter that is stored without proper HTML sanitization. Malicious scripts injected into the map entry name are executed in the browser of users who view or interact with that map entry, potentially allowing attackers to compromise user sessions and perform unauthorized actions as those users.
How can this vulnerability impact me? :
The vulnerability can lead to session compromise and unauthorized actions performed in the context of affected users. This means attackers could hijack user sessions, steal sensitive information, or perform actions on behalf of legitimate users, potentially leading to data breaches or system misuse.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection of this vulnerability involves verifying if your Advantech WISE-DeviceOn Server version is prior to 5.4 and checking for stored XSS payloads in the /rmm/v1/devicemap/building endpoint's map entry names. Since the vulnerability requires an authenticated user to create a map entry with malicious script in the name parameter, you can inspect the map entries for suspicious scripts or HTML tags. There are no specific commands provided in the resources to detect this vulnerability automatically. Manual inspection of the map entries via the UI or API calls to the /rmm/v1/devicemap/building endpoint to list map entries and review their name fields for script tags or suspicious content is recommended. [3]
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation step is to update the Advantech WISE-DeviceOn Server to version 5.4 or later, where the vulnerability has been fixed by properly sanitizing the input in the map entry name parameter. Until the update can be applied, restrict authenticated user access to the /rmm/v1/devicemap/building endpoint to trusted users only, and monitor or sanitize inputs manually to prevent injection of malicious scripts. Additionally, educate users to avoid interacting with suspicious map entries that may contain malicious scripts. [3]