CVE-2025-40894
Stored HTML Injection in Alerted Nodes Dashboard Enables Phishing
Publication date: 2026-03-04
Last updated on: 2026-04-14
Assigner: Nozomi Networks Inc.
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| nozominetworks | cmc | before 25.6.0 (exclusive) |
| nozominetworks | guardian | before 25.6.0 (exclusive) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-40894 is a Stored HTML Injection vulnerability found in the Alerted Nodes Dashboard functionality of Guardian and CMC products before version 25.6.0.
The issue occurs because of improper validation of an input parameter, allowing an authenticated user with the necessary privileges to edit a node label and inject malicious HTML tags.
When alerts are generated for the affected node and the system uses the Alerted Nodes Dashboard, the injected HTML may be rendered in the browsers of other users interacting with the dashboard.
This can enable phishing attacks and potentially open redirect attacks, although full cross-site scripting exploitation and direct information disclosure are prevented by existing input validation and Content Security Policy configurations.
How can this vulnerability impact me?
This vulnerability can impact you by allowing a malicious authenticated user with privileges to inject HTML into node labels.
If the system uses the Alerted Nodes Dashboard and alerts are generated for the affected node, the injected HTML may be rendered in other users' browsers.
This can lead to phishing attacks and possibly open redirect attacks against users interacting with the dashboard.
However, the risk is somewhat mitigated as full cross-site scripting exploitation and direct information disclosure are prevented by existing input validation and Content Security Policy. [1]
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability involves a malicious authenticated user editing a node label to inject HTML tags in the Alerted Nodes Dashboard. Detection would involve monitoring for unexpected or suspicious HTML content in node labels within the dashboard.
Since the vulnerability is related to improper input validation on node labels, detection commands or tools would focus on inspecting node label data for injected HTML tags or unusual input patterns.
No specific detection commands or scripts are provided in the available resources.
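As an added example (not from the vendor or from this page's sources), the label inspection described above can be done by parsing each node label as HTML and flagging any markup, ranking labels that carry off-site link targets highest. The record layout (`id` and `label` fields) is an assumed export format, and all sample values are constructed.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Attributes that can carry a link target (phishing link, redirect, remote form).
URL_ATTRS = {"href", "src", "action", "formaction"}

# Constructed sample records; the id/label field names are an assumed export format.
SAMPLE_NODES = [
    {"id": "192.0.2.10", "label": "PLC line 3"},
    {"id": "192.0.2.11", "label": "HMI <b>east</b>"},
    {"id": "192.0.2.12",
     "label": 'Session expired <a href="https://login.example.test/reauth">sign in</a>'},
    {"id": "192.0.2.13", "label": "Tank level < 5 & rising"},
]

class LabelScanner(HTMLParser):
    """Records every start tag and URL-bearing attribute seen in one label."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.tags, self.links = [], []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)
        self.links += [v.strip() for k, v in attrs if k in URL_ATTRS and v]

def scan_label(label):
    """Return (tags, off_site_links) found in a label string."""
    scanner = LabelScanner()
    scanner.feed(label)
    scanner.close()
    # A link is off-site if it names a host (including //host) or a script/data URI.
    off_site = [u for u in scanner.links
                if urlparse(u).netloc or u.lower().startswith(("javascript:", "data:"))]
    return scanner.tags, off_site

def find_suspicious(nodes):
    """Flag labels containing markup; labels with off-site links rank highest."""
    findings = []
    for node in nodes:
        tags, links = scan_label(node.get("label") or "")
        if tags:
            findings.append({"id": node.get("id"), "tags": tags, "links": links,
                             "severity": "high" if links else "review"})
    return findings

if __name__ == "__main__":
    for finding in find_suspicious(SAMPLE_NODES):
        print(finding)
```

Plain text containing `<` or `&` (the fourth sample label) is not flagged, because only parsed start tags count as markup.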
What immediate steps should I take to mitigate this vulnerability?
The primary mitigation step is to upgrade the affected products (Guardian and CMC) to version 25.6.0 or later, where this vulnerability has been addressed.
No other workarounds or mitigations are provided in the available information.