CVE-2025-34264
BaseFortify
Publication date: 2025-12-05
Last updated on: 2025-12-17
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| advantech | wise-deviceon_server | to 5.4 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a stored cross-site scripting (XSS) issue in Advantech WISE-DeviceOn Server versions prior to 5.4. It occurs in the /rmm/v1/dog/{agentId} endpoint when an authenticated user adds or edits Software Watchdog process rules. The monitored process name is stored and later displayed in the UI without proper HTML sanitation, allowing an attacker to inject malicious scripts. These scripts execute in the browser of users who view or interact with the affected rules, potentially compromising their sessions and enabling unauthorized actions.
How can this vulnerability impact me? :
The vulnerability can lead to session compromise and unauthorized actions by attackers. When malicious scripts injected into the process name execute in the browser context of users, attackers may hijack user sessions or perform actions on behalf of the victim without their consent.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring or inspecting requests to the /rmm/v1/dog/{agentId} endpoint where authenticated users add or edit Software Watchdog process rules. Look for suspicious or unexpected script tags or HTML content in the monitored process name fields within these requests or in the Software Watchdog UI. Specific commands are not provided in the resources, but you can use web proxy tools or interceptors (e.g., Burp Suite, OWASP ZAP) to capture and analyze HTTP requests to this endpoint for malicious script injection attempts. [1]
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation step is to update Advantech WISE-DeviceOn Server to version 5.4 or later, where this stored XSS vulnerability has been fixed. Until the update is applied, restrict access to the /rmm/v1/dog/{agentId} endpoint to trusted authenticated users only, and educate users to avoid adding or editing Software Watchdog process rules with untrusted input. Additionally, monitor for suspicious activity related to this endpoint. [1]