CVE-2025-40894
Received Received - Intake
Stored HTML Injection in Alerted Nodes Dashboard Enables Phishing

Publication date: 2026-03-04

Last updated on: 2026-04-14

Assigner: Nozomi Networks Inc.

Description
A Stored HTML Injection vulnerability was discovered in the Alerted Nodes Dashboard functionality due to improper validation on an input parameter. A malicious authenticated user with the required privileges could edit a node label to inject HTML tags. If the system is configured to use the Alerted Nodes Dashboard, and alerts are reported for the affected node, then the injected HTML may render in the browser of a victim user interacting with it, enabling phishing and possibly open redirect attacks. Full XSS exploitation and direct information disclosure are prevented by the existing input validation and Content Security Policy configuration.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-04
Last Modified
2026-04-14
Generated
2026-06-16
AI Q&A
2026-03-04
EPSS Evaluated
2026-06-15
NVD
CVE-2025-40894
EUVD
EUVD-2025-208267
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
nozominetworks cmc to 25.6.0 (exc)
nozominetworks guardian to 25.6.0 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-79 The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2025-40894 is a Stored HTML Injection vulnerability found in the Alerted Nodes Dashboard functionality of Guardian and CMC products before version 25.6.0.

The issue occurs because of improper validation of an input parameter, allowing an authenticated user with the necessary privileges to edit a node label and inject malicious HTML tags.

When alerts are generated for the affected node and the system uses the Alerted Nodes Dashboard, the injected HTML may be rendered in the browsers of other users interacting with the dashboard.

This can enable phishing attacks and potentially open redirect attacks, although full cross-site scripting exploitation and direct information disclosure are prevented by existing input validation and Content Security Policy configurations.

Impact Analysis

[{'type': 'paragraph', 'content': 'This vulnerability can impact you by allowing a malicious authenticated user with privileges to inject HTML into node labels.'}, {'type': 'paragraph', 'content': "If the system uses the Alerted Nodes Dashboard and alerts are generated for the affected node, the injected HTML may be rendered in other users' browsers."}, {'type': 'paragraph', 'content': 'This can lead to phishing attacks and possibly open redirect attacks against users interacting with the dashboard.'}, {'type': 'paragraph', 'content': 'However, the risk is somewhat mitigated as full cross-site scripting exploitation and direct information disclosure are prevented by existing input validation and Content Security Policy.'}] [1]

Compliance Impact

I don't know

Detection Guidance

This vulnerability involves a malicious authenticated user editing a node label to inject HTML tags in the Alerted Nodes Dashboard. Detection would involve monitoring for unexpected or suspicious HTML content in node labels within the dashboard.

Since the vulnerability is related to improper input validation on node labels, detection commands or tools would focus on inspecting node label data for injected HTML tags or unusual input patterns.

No specific detection commands or scripts are provided in the available resources.

Mitigation Strategies

The primary mitigation step is to upgrade the affected products (Guardian and CMC) to version 25.6.0 or later, where this vulnerability has been addressed.

No other workarounds or mitigations are provided in the available information.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-40894. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart