CVE-2025-24833

Description

Stored cross-site scripting (XSS) vulnerability in desknet's NEO versions V4.0R1.0–V9.0R2.0 allow execution of arbitrary JavaScript in a user’s web browser.

PUBLISHED Reserved 2025-09-01 | Published 2025-10-16 | Updated 2025-10-16 | Assigner jpcert

Problem types

Cross-site scripting (XSS)

Product status

References

www.desknets.com/neo/support/mainte/17475/

jvn.jp/en/jp/JVN90757550/

cve.org (CVE-2025-24833)

nvd.nist.gov (CVE-2025-24833)

Download JSON