CVE-2025-34265
BaseFortify
Publication date: 2025-12-05
Last updated on: 2025-12-17
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| advantech | wise-deviceon_server | to 5.4 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a stored cross-site scripting (XSS) issue in Advantech WISE-DeviceOn Server versions prior to 5.4. It occurs in the /rmm/v1/rule-engines endpoint where authenticated users can create or update rules. The fields min, max, and unit in these rules are stored and later displayed without proper HTML sanitization. An attacker can inject malicious scripts into these fields, which will execute in the browsers of users who view or interact with the affected rules, potentially leading to session compromise and unauthorized actions.
How can this vulnerability impact me? :
The vulnerability can impact you by allowing attackers to execute malicious scripts in your browser when you view or interact with affected rules. This can lead to session compromise, meaning attackers could hijack your session, and perform unauthorized actions on your behalf within the application.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by inspecting the /rmm/v1/rule-engines endpoint for stored scripts in the rule fields min, max, and unit. Since it is a stored XSS vulnerability triggered by malicious script injection in these fields, you can detect it by querying or reviewing the rules created or updated by authenticated users for suspicious script tags or HTML content in these fields. Specific commands are not provided in the resources, but manual inspection or automated scanning of the rule data via API calls to /rmm/v1/rule-engines could help identify injected scripts. [2]
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation step is to update Advantech WISE-DeviceOn Server to version 5.4 or later, where this stored XSS vulnerability has been fixed by properly sanitizing the input fields. Until the update is applied, restrict authenticated user permissions to limit rule creation or updates, and educate users to avoid interacting with suspicious rules. Applying input validation or sanitization at the application or proxy level may also help reduce risk. [2]