CVE-2025-34263
BaseFortify
Publication date: 2025-12-05
Last updated on: 2025-12-17
Assigner: VulnCheck
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| advantech | wise-deviceon_server | up to 5.4 (excluding) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
Attack-Flow Graph
AI Powered Q&A
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection means checking whether the /rmm/v1/plugin-config/dashboards/menus endpoint is reachable and whether any dashboard entry carries script content in its label or path fields. Because the vulnerability requires authenticated access, monitoring HTTP requests to this endpoint for suspicious input patterns (e.g. script tags) can help. The referenced resources give no specific commands; tools such as curl or Burp Suite can be used to authenticate, query the endpoint and inspect the responses for unsanitized script content. [3]
Can you explain this vulnerability to me?
This vulnerability is a stored cross-site scripting (XSS) issue in Advantech WISE-DeviceOn Server versions prior to 5.4. It occurs in the /rmm/v1/plugin-config/dashboards/menus endpoint, where an authenticated user can add or edit dashboard entries. The label and path values are stored without proper HTML sanitization and are later rendered in the dashboard UI. An attacker can inject malicious scripts into these fields, which then execute in the browsers of users who view or interact with the affected dashboard.
How can this vulnerability impact me?
The vulnerability can lead to session compromise and unauthorized actions performed as the victim user. Since the malicious script executes in the context of the victim's browser, attackers may steal session tokens, perform actions on behalf of the user, or access sensitive information accessible through the dashboard interface.
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation step is to update Advantech WISE-DeviceOn Server to version 5.4 or later, where the vulnerability has been fixed. Until the update is applied, restrict access to the affected endpoint to trusted users only, and monitor for suspicious activity. Avoid allowing untrusted users to add or edit dashboard entries to prevent exploitation. [3]
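A small defender-side check for the condition described in the Q&A above: it scans a response from the dashboard-menus endpoint for HTML markup in the label and path fields (the detection question) and shows the escaping that fixes the rendering side (the mitigation question). This is an added example, not code from BaseFortify, VulnCheck or Advantech; the endpoint and the field names label/path come from the advisory, while the JSON shape, the sample entries and the function names are assumptions.

```python
import html
import json
import re

# Constructed sample of what /rmm/v1/plugin-config/dashboards/menus might return.
# The "label" and "path" fields are named in the advisory; the surrounding JSON
# shape and the entries themselves are assumptions made for this example.
SAMPLE_MENUS_JSON = json.dumps([
    {"id": 1, "label": "Device Overview", "path": "/dashboard/overview"},
    {"id": 2, "label": "Alarms <script>/* constructed marker */</script>",
     "path": "/dashboard/alarms"},
    {"id": 3, "label": "Reports", "path": "/dashboard/reports<i>beta</i>"},
])

# Any HTML tag, or an on*= event-handler attribute, has no business in a menu
# label or a URL path; either one indicates stored markup that the UI may render.
_MARKUP_RE = re.compile(r"<\s*/?\s*[a-zA-Z][^>]*>|\bon[a-z]+\s*=", re.IGNORECASE)
_CHECKED_FIELDS = ("label", "path")


def find_suspicious_entries(menus_json: str) -> list[dict]:
    """Return one finding per dashboard entry field that carries HTML markup."""
    findings = []
    for entry in json.loads(menus_json):
        for field in _CHECKED_FIELDS:
            value = str(entry.get(field, ""))
            if _MARKUP_RE.search(value):
                findings.append({"id": entry.get("id"), "field": field, "value": value})
    return findings


def render_label(value: str) -> str:
    """Mitigation side: escape the stored value before placing it in HTML.

    quote=True also encodes quotes, so the value cannot break out of an attribute.
    """
    return html.escape(value, quote=True)


if __name__ == "__main__":
    for finding in find_suspicious_entries(SAMPLE_MENUS_JSON):
        print(f"entry {finding['id']}: markup in {finding['field']!r}: {finding['value']!r}")
        print("  escaped rendering:", render_label(finding["value"]))
```

Run the scan against a saved response from the endpoint (collected with an authenticated session) to enumerate entries that need cleaning before the upgrade to 5.4 is applied.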