CVE-2025-40900
Angular Template Injection in Reports Feature
Publication date: 2026-05-19
Last updated on: 2026-05-20
Assigner: Nozomi Networks Inc.
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| nozominetworks | cmc | before 26.1.0 (exclusive) |
| nozominetworks | guardian | before 26.1.0 (exclusive) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-1336 | The product uses a template engine to insert or process externally-influenced input, but it does not neutralize or incorrectly neutralizes special elements or syntax that can be interpreted as template expressions or other code directives when processed by the engine. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an Angular template injection issue found in the Reports functionality of Guardian and CMC products before version 26.1.0. It occurs because an input parameter is not properly validated.
An authenticated user with report privileges can create a malicious report containing an Angular template payload. Alternatively, a victim can be socially engineered to import a malicious report template.
When the victim views or imports the report, the Angular template executes in their browser context, potentially allowing the attacker to modify application data or disrupt application availability.
Full cross-site scripting (XSS) exploitation and direct information disclosure are prevented by existing input validation and Content Security Policy settings.
How can this vulnerability impact me?
If exploited, this vulnerability allows an attacker to modify application data or disrupt the availability of the application by executing malicious Angular templates in the victim's browser.
The attacker needs to be an authenticated user with report privileges or trick a victim into importing a malicious report template.
Although full XSS exploitation and direct information disclosure are prevented, the ability to alter data or disrupt service can still have significant operational impacts.
What immediate steps should I take to mitigate this vulnerability?
To mitigate the risk of this Angular template injection vulnerability, users are advised to:
- Use internal firewall features to restrict access to the web management interface.
- Review and remove unnecessary accounts.
- Upgrade Guardian and CMC products to version 26.1.0 or later.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The vulnerability allows an attacker to execute Angular template code in a victim's browser, potentially modifying application data or disrupting availability. However, full cross-site scripting exploitation and direct information disclosure are prevented by existing input validation and Content Security Policy settings.
There is no explicit information provided about the impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability involves an Angular template injection in the Reports functionality of Guardian and CMC products before version 26.1.0. Detection primarily involves identifying if your system is running a vulnerable version and if malicious report templates have been created or imported.
Since the vulnerability requires an authenticated user with report privileges to create or import malicious reports, monitoring user activity related to report creation and importation is important.
No specific detection commands or signatures are provided in the available information. However, general steps to detect this vulnerability include:
- Check the version of Guardian or CMC products to confirm if it is prior to 26.1.0.
- Review logs or audit trails for report creation or import events by authenticated users with report privileges.
- Inspect report templates for suspicious Angular template payloads.
To mitigate risk, it is recommended to upgrade to version 26.1.0 or later, restrict access to the web management interface using internal firewall features, and remove unnecessary accounts.
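One way to carry out the version check and the template inspection listed above, as an added example that is not from Nozomi Networks or from this page's source. It assumes report templates can be exported as JSON; the sample's field names and the functions `is_affected` and `find_template_markers` are hypothetical.

```python
import json
import re

FIXED_VERSION = (26, 1, 0)  # first fixed release named in the advisory

# Default Angular interpolation delimiters. Plain report text has no reason
# to contain them, so any occurrence is worth a manual look.
INTERPOLATION = re.compile(r"\{\{.*?\}\}", re.DOTALL)


def is_affected(version: str) -> bool:
    """True when a dotted version string is earlier than 26.1.0."""
    parts = tuple(int(p) for p in re.findall(r"\d+", version)[:3])
    parts += (0,) * (3 - len(parts))  # "26.1" is compared as 26.1.0
    return parts < FIXED_VERSION


def find_template_markers(node, path="$"):
    """Walk parsed JSON and yield (json_path, snippet) for every string
    value that contains Angular interpolation syntax."""
    if isinstance(node, dict):
        for key, value in node.items():
            yield from find_template_markers(value, f"{path}.{key}")
    elif isinstance(node, list):
        for index, value in enumerate(node):
            yield from find_template_markers(value, f"{path}[{index}]")
    elif isinstance(node, str):
        for match in INTERPOLATION.finditer(node):
            yield path, match.group(0)[:80]  # truncate long hits for logs


# Constructed sample. The real Guardian/CMC export format is not described
# on this page, so these field names are assumptions.
SAMPLE_REPORT = json.loads("""
{
  "name": "Weekly asset summary",
  "widgets": [
    {"type": "text", "title": "Overview", "body": "Assets seen this week"},
    {"type": "text", "title": "Totals {{ 1 + 1 }}", "body": "n/a"}
  ]
}
""")

if __name__ == "__main__":
    print("affected:", is_affected("25.4.2"))
    for where, snippet in find_template_markers(SAMPLE_REPORT):
        print(f"review {where}: {snippet}")
```

A hit marks a field for manual review before the report is imported or opened; it is not proof of malicious intent.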