CVE-2025-40902
Status: Modified - Updated After Analysis
Stored HTML Injection in User Management System

Publication date: 2026-05-19

Last updated on: 2026-06-09

Assigner: Nozomi Networks Inc.

Description
A Stored HTML Injection vulnerability was discovered in the Users functionality due to improper validation of an input parameter. An authenticated user with administrative privileges can create a malicious user whose username contains HTML tags. When a victim attempts to delete a group containing the affected user, the injected HTML renders in their browser, enabling phishing and possibly open redirect attacks. Full XSS exploitation and direct information disclosure are prevented by the existing input validation and Content Security Policy configuration.
Meta Information
Published: 2026-05-19
Last Modified: 2026-06-09
Generated: 2026-06-10
AI Q&A: 2026-05-19
EPSS Evaluated: 2026-06-08
Affected Vendors & Products
Vendor          Product   Version / Range
nozominetworks  cmc       up to 26.1.0 (exclusive)
nozominetworks  guardian  up to 26.1.0 (exclusive)
CWE
CWE-79: The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
Executive Summary

This vulnerability is a Stored HTML Injection found in the Users functionality of Guardian and CMC software versions prior to 26.1.0. It occurs because input parameters are not properly validated, allowing an authenticated administrative user to create a malicious user account with a username that contains HTML tags.

When another user tries to delete a group containing this malicious user, the injected HTML renders in their browser. This can enable phishing attacks or open redirect attacks. However, full Cross-Site Scripting (XSS) exploitation and direct information disclosure are prevented by existing input validation and Content Security Policy.

Compliance Impact

The provided information does not specify any direct impact of this Stored HTML Injection vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.

Impact Analysis

The vulnerability enables phishing and open redirect attacks: injected HTML renders in the browser of a user who attempts to delete a group containing the affected user.

Although full XSS exploitation and direct information disclosure are mitigated, the vulnerability still poses a medium risk, potentially compromising user trust and security.

To reduce risk, it is recommended to upgrade to version 26.1.0 or later, restrict access to the web management interface via internal firewall rules, review and remove unnecessary administrative accounts, and inspect usernames for suspicious HTML content.

Detection Guidance

This vulnerability can be detected by inspecting existing usernames in the system for suspicious HTML content, specifically usernames containing HTML tags that should not normally be present.

Since the vulnerability involves malicious usernames with embedded HTML, you can use commands or queries to list all usernames and search them for angle brackets (< or >) or HTML tags such as script elements.

  • For example, on systems where usernames are stored in a database, run a query to find usernames containing angle brackets or HTML tags.
  • On Linux-based systems, if usernames are stored in files, use commands like: grep -E '<|>' /path/to/usernames_file
  • Review administrative accounts and their usernames manually or via scripts to detect any unusual HTML content.
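
An added example (not from the advisory or from Nozomi Networks) of the username inspection described above: it scans an exported user list for HTML tags or stray angle brackets and, going beyond the plain grep, also decodes percent- and entity-encoded forms first. The CSV layout, the `username` column name and the sample rows are assumptions constructed for illustration.

```python
import csv
import html
import io
import re
from typing import Optional
from urllib.parse import unquote

# Opening/closing tag (terminated or not) or an HTML comment start.
TAG_RE = re.compile(r"<\s*[/!]?[A-Za-z][^>]*>?|<!--")

def normalize(value: str) -> str:
    """Undo percent- and entity-encoding (up to 3 layers) so hidden markup is visible."""
    for _ in range(3):
        decoded = html.unescape(unquote(value))
        if decoded == value:
            break
        value = decoded
    return value

def classify(username: str) -> Optional[str]:
    """Return a finding label for a username, or None if it looks clean."""
    plain = normalize(username)
    if TAG_RE.search(plain):
        return "html-tag"
    if "<" in plain or ">" in plain:
        return "angle-bracket"
    return None

def audit(csv_text: str, column: str = "username") -> list:
    """Scan a CSV user export; return (username, finding) for each flagged row."""
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        name = row.get(column) or ""
        label = classify(name)
        if label:
            findings.append((name, label))
    return findings

# Constructed sample export (hypothetical columns, not the product's own format).
SAMPLE = '''username,role
jsmith,admin
"<a href=""https://example.invalid/"">notice</a>",admin
ops&lt;b&gt;team,user
a>b,user
maria.rossi,user
'''

if __name__ == "__main__":
    for name, label in audit(SAMPLE):
        print(f"{label:14} {name!r}")
```

Flagged usernames are reported in their stored form, so they can be matched against the user list when removing or correcting the accounts.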
Mitigation Strategies

Immediate mitigation steps include:

  • Upgrade the Guardian and CMC software to version 26.1.0 or later, where the vulnerability is fixed.
  • Restrict access to the web management interface by applying internal firewall rules to limit who can reach the interface.
  • Review and remove any unnecessary administrative user accounts to reduce the risk of malicious account creation.
  • Inspect existing usernames for suspicious HTML content and remove or correct any malicious usernames found.