CVE-2025-8075
XML Validation Flaw in ICS Software Enables Stored XSS Attack
Publication date: 2025-12-26
Last updated on: 2025-12-26
Assigner: Hanwha Vision Co., Ltd.
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| hanwha | vision | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-20 | The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability involves inadequate validation of incoming XML format request messages in a system related to Industrial Control Systems (ICS) and OT/IoT security. Because of this insufficient validation, an attacker could exploit the flaw to perform Cross-Site Scripting (XSS) attacks on the user's browser.
How can this vulnerability impact me?
The vulnerability could allow an attacker to execute malicious scripts in the user's browser via XSS attacks. This can lead to unauthorized actions, data theft, or session hijacking, potentially compromising the security and integrity of the affected system and user data.
What immediate steps should I take to mitigate this vulnerability?
Apply the patched firmware released by the manufacturer to fix the vulnerability. Refer to the manufacturer's report for details and any available workarounds.