CVE-2025-9225 | THREATINT

Description

Stored cross-site scripting (XSS) in the web interface of MiR software versions prior to 3.0.0 on MiR Robots and MiR Fleet allows execution of arbitrary JavaScript code in a victim’s browser

PUBLISHED Reserved 2025-08-20 | Published 2025-08-20 | Updated 2025-08-20 | Assigner TRO

MEDIUM: 5.5CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L

Problem types

CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')

Product status

Default status

unaffected

Any version before 3.0.0

affected

Default status

unaffected

Any version before 3.0.0

affected

Credits

Lockheed Martin Red Team reporter

References

a.storyblok.com/f/230581/x/82d4989368/msa-14.pdf vendor-advisory

supportportal.mobile-industrial-robots.com/...ecurity-guide/

cve.org (CVE-2025-9225)

nvd.nist.gov (CVE-2025-9225)

Download JSON

help @ threatint.eu