CVE-2025-48470

EPSS 0.03%
Published 24.06.2025 02:19:33
Last modified 09.07.2025 15:21:40
Source 5f57b9bf-260d-4433-bf07-b6a79e
Teams watchlist Login
Open Login

Successful exploitation of the stored cross-site scripting vulnerability could allow an attacker to inject malicious scripts into device fields and executed in other users’ browser, potentially leading to session hijacking, defacement, credential theft, or privilege escalation.

Affected products Warnungen 0 Metrics 2 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Advantech ≫ Wise-4010lan Firmware Version-

Advantech ≫ Wise-4010lan Version-

Advantech ≫ Wise-4050lan Firmware Version-

Advantech ≫ Wise-4050lan Version-

Advantech ≫ Wise-4060lan Firmware Version-

Advantech ≫ Wise-4060lan Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.03%	0.061

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
5f57b9bf-260d-4433-bf07-b6a79e9bb7d4	4.1	0.7	3.4	CVSS:3.1/AV:A/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L

CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

https://www.csa.gov.sg/alerts-and-advisories/alerts/al-2025-061

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2025-48470

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-48470

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-48470

EUVD