CVE-2025-40891
Stored HTML Injection in Time Machine Snapshot Diff Enables Phishing

Publication date: 2025-12-18

Last updated on: 2026-04-14

Assigner: Nozomi Networks Inc.

Description
A Stored HTML Injection vulnerability was discovered in the Time Machine Snapshot Diff functionality due to improper validation of network traffic data. An unauthenticated attacker can send specially crafted network packets at two different times to inject HTML tags into asset attributes across two snapshots. Exploitation requires a victim to use the Time Machine Snapshot Diff feature on those specific snapshots and perform specific GUI actions, at which point the injected HTML renders in their browser, enabling phishing and open redirect attacks. Full XSS exploitation is prevented by input validation and Content Security Policy. Attack complexity is high due to multiple required conditions.
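The description above boils down to CWE-79 on a diff view: attribute values learned from network traffic are stored in two snapshots and later placed into the page as markup. The example below is added here and is not Nozomi's code; the snapshot data, asset address and attribute names are constructed. It shows an ingest-time check that flags attribute values carrying tags, a minimal snapshot diff, and the same diff rendered the defective way (raw interpolation) beside the corrected way (HTML escaping of every untrusted value).

```python
"""Added example (not the vendor's code): keeping attacker-influenced asset
attributes inert when a snapshot diff is rendered as HTML."""
import html
import re

# Constructed snapshots: asset attributes as learned from traffic at two
# different times. The second vendor string carries markup, the kind of value
# the advisory describes reaching the diff view without validation.
SNAPSHOT_T1 = {"10.0.0.5": {"vendor": "Acme PLC", "hostname": "plc-01"}}
SNAPSHOT_T2 = {"10.0.0.5": {"vendor": '<a href="https://example.invalid">Update</a>',
                            "hostname": "plc-01"}}

TAG_RE = re.compile(r"<[^>]*>")


def attribute_is_clean(value: str) -> bool:
    """Ingest-time check: an attribute learned from the wire should never
    contain markup; values with tags are rejected or flagged before storage."""
    return TAG_RE.search(value) is None


def diff_attributes(old: dict, new: dict) -> list[tuple[str, str, str, str]]:
    """Return (asset, attribute, before, after) for every changed attribute."""
    changes = []
    for asset in sorted(set(old) | set(new)):
        a, b = old.get(asset, {}), new.get(asset, {})
        for attr in sorted(set(a) | set(b)):
            if a.get(attr) != b.get(attr):
                changes.append((asset, attr, a.get(attr, ""), b.get(attr, "")))
    return changes


def render_diff_unsafe(changes) -> str:
    """The defect pattern: stored values interpolated straight into markup,
    so a tag inside an attribute becomes live HTML in the viewer's browser."""
    return "".join(f"<tr><td>{a}</td><td>{k}</td><td>{o}</td><td>{n}</td></tr>"
                   for a, k, o, n in changes)


def render_diff_safe(changes) -> str:
    """Output-time fix: every untrusted value is HTML-escaped (including quotes)
    before it is placed in the page, so tags render as visible text."""
    e = html.escape
    return "".join(f"<tr><td>{e(a)}</td><td>{e(k)}</td><td>{e(o)}</td><td>{e(n)}</td></tr>"
                   for a, k, o, n in changes)
```

Both checks belong together: the ingest filter limits what is stored, and the escaping renderer guarantees that whatever did get stored cannot become markup.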
Meta Information
Published: 2025-12-18
Last Modified: 2026-04-14
Generated: 2026-05-07
AI Q&A: 2025-12-18
EPSS Evaluated: 2026-05-05
Affected Vendors & Products (2 associated CPEs)
Vendor          Product    Version / Range
nozominetworks  cmc        *
nozominetworks  guardian   *
CWE ID   Description
CWE-79   The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
AI Powered Q&A
Can you explain this vulnerability to me?

CVE-2025-40891 is a Stored HTML Injection vulnerability in the Time Machine Snapshot Diff feature of Nozomi Networks Guardian and CMC products before version 25.5.0. It occurs because network traffic data is not properly validated, allowing an unauthenticated attacker to send specially crafted packets at two different times to inject malicious HTML tags into asset attributes across two snapshots. When a victim uses the Snapshot Diff feature on those snapshots and performs specific GUI actions, the injected HTML renders in their browser, enabling phishing and open redirect attacks. Full cross-site scripting is prevented by input validation and Content Security Policy, and the attack is complex due to multiple required conditions. [1]


How can this vulnerability impact me?

This vulnerability can impact you by enabling attackers to perform phishing and open redirect attacks through the injected HTML rendered in your browser when using the Time Machine Snapshot Diff feature. Although full cross-site scripting is mitigated, the injected content can still deceive users or redirect them to malicious sites, potentially compromising user trust and security. Exploitation requires specific user actions and conditions, making the attack complex but still possible. [1]


What immediate steps should I take to mitigate this vulnerability?

The only mitigation available is to upgrade Guardian and CMC products to version 25.5.0 or later, as there are no workarounds or other mitigations available. [1]

