CVE-2025-41768

Description

An high privileged remote attacker can inject arbitrary content into the custom CSS field on the affected devices due to improper neutralization of input during web page generation ('Cross-site Scripting').

PUBLISHED Reserved 2025-04-16 | Published 2026-01-20 | Updated 2026-02-12 | Assigner CERTVDE

Problem types

CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Product status

Credits

Roby Firnando Yusuf from Jeonbuk National University finder

References

certvde.com/de/advisories/VDE-2025-106

cve.org (CVE-2025-41768)

nvd.nist.gov (CVE-2025-41768)

Download JSON