CVE-2025-40903
Analyzed - Analysis Complete
Stored HTML Injection in Nozomi Networks SRA

Publication date: 2026-05-19

Last updated on: 2026-05-19

Assigner: Nozomi Networks Inc.

Description
A Stored HTML Injection vulnerability was discovered in the Schedule Restore Archive functionality due to improper validation of an input parameter. An authenticated user with administrative privileges can define a malicious restore schedule containing HTML tags. When a victim views the affected schedule, the injected HTML renders in their browser, enabling phishing and possibly open redirect attacks. Full XSS exploitation and direct information disclosure are prevented by the existing input validation and Content Security Policy configuration.
Meta Information
Published: 2026-05-19
Last Modified: 2026-05-19
Generated: 2026-05-20
AI Q&A: 2026-05-19
EPSS Evaluated: N/A
Affected Vendors & Products
Vendor          Product   Version / Range
nozominetworks  cmc       up to 26.1.0 (exclusive)
nozominetworks  guardian  up to 26.1.0 (exclusive)
CWE ID: CWE-79
Description: The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability is a Stored HTML Injection found in the Schedule Restore Archive feature of Guardian and CMC products before version 26.1.0. It occurs because the system does not properly validate an input parameter, allowing an authenticated administrator to insert malicious HTML tags into a restore schedule.

When other users view the affected schedule, the injected HTML renders in their browsers, which can enable phishing or open redirect attacks. However, full Cross-Site Scripting (XSS) exploitation and direct information disclosure are prevented by the existing input validation and Content Security Policy configuration.


How can this vulnerability impact me?

An attacker with administrative privileges can inject malicious HTML into restore schedules. When other users view these schedules, the injected HTML renders in their browsers, potentially leading to phishing or open redirect attacks.

Although full XSS exploitation and direct information disclosure are mitigated, the risk remains medium: the flaw can still undermine user trust and security through social engineering or by redirecting users to malicious sites.


What immediate steps should I take to mitigate this vulnerability?

To mitigate the Stored HTML Injection vulnerability in the Schedule Restore Archive feature, upgrade your Guardian and CMC products to version 26.1.0 or later. In addition:

  • Restrict access to the web management interface using internal firewalls.
  • Review administrative accounts and remove any unnecessary ones to limit the number of users who can inject malicious HTML.

How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?

The vulnerability allows an authenticated administrator to inject malicious HTML into restore schedules, which can lead to phishing and open redirect attacks when viewed by other users.

Although full Cross-Site Scripting exploitation and direct information disclosure are mitigated, the phishing risk could potentially affect compliance with standards and regulations that require protection of user data and prevention of unauthorized access or social engineering attacks, such as GDPR and HIPAA.

Organizations using affected versions should upgrade to version 26.1.0 or later and implement additional security measures like restricting access to the web management interface and reviewing administrative accounts to reduce risk and maintain compliance.


How can this vulnerability be detected on my network or system? Can you suggest some commands?

Exposure can be determined by checking whether your system runs a Guardian or CMC version prior to 26.1.0, as these versions are affected by the Stored HTML Injection issue in the Schedule Restore Archive feature.

Because the vulnerability involves an authenticated administrator injecting malicious HTML into restore schedules, detection also involves reviewing restore schedule entries for suspicious or unexpected HTML tags.

No specific commands are provided in the available resources for direct detection on the network or system.

Recommended actions include upgrading to version 26.1.0 or later, restricting access to the web management interface via internal firewalls, and reviewing administrative accounts to remove unnecessary ones.
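The two checks described above (version below 26.1.0, and HTML tags in restore schedule entries) can be scripted. The following is an added example, not code from the vendor or this page; it assumes schedule entries have been exported as dictionaries, and the field names and sample records are constructed for illustration.

```python
from html.parser import HTMLParser

FIXED_VERSION = (26, 1, 0)  # first fixed release according to the advisory text


class _TagCollector(HTMLParser):
    """Collects every element name and its attributes seen in a string."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.tags = []

    def handle_starttag(self, tag, attrs):
        self.tags.append((tag, dict(attrs)))


def is_affected(version: str) -> bool:
    """True when a dotted numeric Guardian/CMC version is below 26.1.0."""
    parts = tuple(int(p) for p in version.split(".")[:3])
    parts += (0,) * (3 - len(parts))  # treat "26.1" as 26.1.0
    return parts < FIXED_VERSION


def review_schedules(schedules):
    """Return (schedule id, field, tag, link target) for each HTML element found."""
    findings = []
    for sched in schedules:
        for field, value in sched.items():
            if field == "id" or not isinstance(value, str):
                continue
            collector = _TagCollector()
            collector.feed(value)
            collector.close()
            for tag, attrs in collector.tags:
                # Elements that carry a URL are the ones relevant to redirects.
                target = attrs.get("href") or attrs.get("action") or attrs.get("src")
                findings.append((sched["id"], field, tag, target))
    return findings


# Constructed sample export; field names are assumptions, not the product's schema.
SAMPLE = [
    {"id": 1, "name": "nightly-restore", "comment": "runs at 02:00"},
    {"id": 2, "name": "weekly", "comment": 'see <a href="https://example.invalid/">details</a>'},
    {"id": 3, "name": "a < b retention", "comment": "keep if size > 10"},
]

if __name__ == "__main__":
    print(is_affected("25.4.2"), is_affected("26.1.0"))
    for finding in review_schedules(SAMPLE):
        print(finding)
```

Entry 3 shows why a real HTML parser is used instead of matching on angle brackets: plain text containing `<` or `>` is not reported.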

