CVE-2025-63211 | THREATINT

Description

Stored cross-site scripting vulnerability in bridgetech VBC Server & Element Manager, firmware versions 6.5.0-9 thru 6.5.0-10, allows attackers to execute arbitrary code via the addName parameter to the /vbc/core/userSetupDoc/userSetupDoc endpoint.

PUBLISHED Reserved 2025-10-27 | Published 2025-11-19 | Updated 2025-11-21 | Assigner mitre

References

github.com/...ech VBC Server and Element Manager Stored xss exploit

bridgetech.tv/

github.com/...ech VBC Server and Element Manager Stored xss

cve.org (CVE-2025-63211)

nvd.nist.gov (CVE-2025-63211)

Download JSON