{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-2072", "assignerOrgId": "551230f0-3615-47bd-b7cc-93e92e730bbf", "state": "PUBLISHED", "assignerShortName": "SEC-VLab", "dateReserved": "2025-03-06T18:18:50.024Z", "datePublished": "2025-03-31T08:34:14.205Z", "dateUpdated": "2025-03-31T16:18:32.084Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unknown", "modules": ["Web User Interface"], "platforms": ["Linux"], "product": "FAST LTA Silent Brick WebUI", "vendor": "FAST LTA", "versions": [{"lessThan": "2.63.04", "status": "affected", "version": "WebUI Release 2.45 (Linux 5.4.109-gentoo-FAST)", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Stefan Mettler from CRYPTRON Security GmbH"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "A Reflected Cross-Site Scripting (XSS) vulnerability has been discovered in FAST LTA Silent Brick WebUI, allowing attackers to inject malicious JavaScript code into web pages viewed by users. This issue arises when user-supplied input is improperly handled and reflected directly in the output of a web page without proper sanitization or encoding. Exploiting this vulnerability, an attacker can execute arbitrary JavaScript in the context of the victim's browser, potentially leading to session hijacking, data theft, and other malicious actions. Affected WebUI parameters are \"h\", \"hd\", \"p\", \"pi\", \"s\", \"t\", \"x\", \"y\".<br><br><br>"}], "value": "A Reflected Cross-Site Scripting (XSS) vulnerability has been discovered in FAST LTA Silent Brick WebUI, allowing attackers to inject malicious JavaScript code into web pages viewed by users. This issue arises when user-supplied input is improperly handled and reflected directly in the output of a web page without proper sanitization or encoding. Exploiting this vulnerability, an attacker can execute arbitrary JavaScript in the context of the victim's browser, potentially leading to session hijacking, data theft, and other malicious actions. Affected WebUI parameters are \"h\", \"hd\", \"p\", \"pi\", \"s\", \"t\", \"x\", \"y\"."}], "impacts": [{"capecId": "CAPEC-591", "descriptions": [{"lang": "en", "value": "CAPEC-591 Reflected XSS"}]}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "baseScore": 5.1, "baseSeverity": "MEDIUM", "privilegesRequired": "LOW", "providerUrgency": "AMBER", "subAvailabilityImpact": "LOW", "subConfidentialityImpact": "LOW", "subIntegrityImpact": "LOW", "userInteraction": "PASSIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L/RE:L/U:Amber", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "LOW"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "551230f0-3615-47bd-b7cc-93e92e730bbf", "shortName": "SEC-VLab", "dateUpdated": "2025-03-31T09:52:05.166Z"}, "references": [{"tags": ["release-notes"], "url": "https://www.fast-lta.de/de/fast/silent-bricks-software-2-63"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "A vendor security patch available. Upgrade to release <a target=\"_blank\" rel=\"nofollow\" href=\"https://software.fast-lta.com/fast-sb-update-2.63.0.4.tar\">fast-sb-update-2.63.0.4.tar</a><br>"}], "value": "A vendor security patch available. Upgrade to release fast-sb-update-2.63.0.4.tar https://software.fast-lta.com/fast-sb-update-2.63.0.4.tar"}], "source": {"discovery": "EXTERNAL"}, "timeline": [{"lang": "en", "time": "2024-12-24T15:22:00.000Z", "value": "vulnerability has been identified and reported to the vendor"}, {"lang": "en", "time": "2025-01-16T08:30:00.000Z", "value": "transmission of further technical information to the vendor"}, {"lang": "en", "time": "2025-01-23T09:45:00.000Z", "value": "vulnerability has been confirmed by the vendor and a patch is in progress"}, {"lang": "en", "time": "2025-03-06T09:30:00.000Z", "value": "Vendor patch available"}], "title": "Reflected Cross-Site Scripting (XSS) Vulnerability in FAST LTA Silent Brick WebUI", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-03-31T16:16:46.834770Z", "id": "CVE-2025-2072", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-31T16:18:32.084Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-2072", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-03-31T16:16:46.834770Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-31T16:17:15.313Z"}}], "cna": {"title": "Reflected Cross-Site Scripting (XSS) Vulnerability in FAST LTA Silent Brick WebUI", "source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "value": "Stefan Mettler from CRYPTRON Security GmbH"}], "impacts": [{"capecId": "CAPEC-591", "descriptions": [{"lang": "en", "value": "CAPEC-591 Reflected XSS"}]}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 5.1, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L/RE:L/U:Amber", "providerUrgency": "AMBER", "userInteraction": "PASSIVE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "subIntegrityImpact": "LOW", "vulnIntegrityImpact": "LOW", "subAvailabilityImpact": "LOW", "vulnAvailabilityImpact": "LOW", "subConfidentialityImpact": "LOW", "vulnConfidentialityImpact": "LOW", "vulnerabilityResponseEffort": "LOW"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "FAST LTA", "modules": ["Web User Interface"], "product": "FAST LTA Silent Brick WebUI", "versions": [{"status": "affected", "version": "WebUI Release 2.45 (Linux 5.4.109-gentoo-FAST)", "lessThan": "2.63.04", "versionType": "custom"}], "platforms": ["Linux"], "defaultStatus": "unknown"}], "timeline": [{"lang": "en", "time": "2024-12-24T15:22:00.000Z", "value": "vulnerability has been identified and reported to the vendor"}, {"lang": "en", "time": "2025-01-16T08:30:00.000Z", "value": "transmission of further technical information to the vendor"}, {"lang": "en", "time": "2025-01-23T09:45:00.000Z", "value": "vulnerability has been confirmed by the vendor and a patch is in progress"}, {"lang": "en", "time": "2025-03-06T09:30:00.000Z", "value": "Vendor patch available"}], "solutions": [{"lang": "en", "value": "A vendor security patch available. Upgrade to release fast-sb-update-2.63.0.4.tar https://software.fast-lta.com/fast-sb-update-2.63.0.4.tar", "supportingMedia": [{"type": "text/html", "value": "A vendor security patch available. Upgrade to release <a target=\"_blank\" rel=\"nofollow\" href=\"https://software.fast-lta.com/fast-sb-update-2.63.0.4.tar\">fast-sb-update-2.63.0.4.tar</a><br>", "base64": false}]}], "references": [{"url": "https://www.fast-lta.de/de/fast/silent-bricks-software-2-63", "tags": ["release-notes"]}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "A Reflected Cross-Site Scripting (XSS) vulnerability has been discovered in FAST LTA Silent Brick WebUI, allowing attackers to inject malicious JavaScript code into web pages viewed by users. This issue arises when user-supplied input is improperly handled and reflected directly in the output of a web page without proper sanitization or encoding. Exploiting this vulnerability, an attacker can execute arbitrary JavaScript in the context of the victim's browser, potentially leading to session hijacking, data theft, and other malicious actions. Affected WebUI parameters are \"h\", \"hd\", \"p\", \"pi\", \"s\", \"t\", \"x\", \"y\".", "supportingMedia": [{"type": "text/html", "value": "A Reflected Cross-Site Scripting (XSS) vulnerability has been discovered in FAST LTA Silent Brick WebUI, allowing attackers to inject malicious JavaScript code into web pages viewed by users. This issue arises when user-supplied input is improperly handled and reflected directly in the output of a web page without proper sanitization or encoding. Exploiting this vulnerability, an attacker can execute arbitrary JavaScript in the context of the victim's browser, potentially leading to session hijacking, data theft, and other malicious actions. Affected WebUI parameters are \"h\", \"hd\", \"p\", \"pi\", \"s\", \"t\", \"x\", \"y\".<br><br><br>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')"}]}], "providerMetadata": {"orgId": "551230f0-3615-47bd-b7cc-93e92e730bbf", "shortName": "SEC-VLab", "dateUpdated": "2025-03-31T09:52:05.166Z"}}}, "cveMetadata": {"cveId": "CVE-2025-2072", "state": "PUBLISHED", "dateUpdated": "2025-03-31T16:18:32.084Z", "dateReserved": "2025-03-06T18:18:50.024Z", "assignerOrgId": "551230f0-3615-47bd-b7cc-93e92e730bbf", "datePublished": "2025-03-31T08:34:14.205Z", "assignerShortName": "SEC-VLab"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A Reflected Cross-Site Scripting (XSS) vulnerability has been discovered in FAST LTA Silent Brick WebUI, allowing attackers to inject malicious JavaScript code into web pages viewed by users. This issue arises when user-supplied input is improperly handled and reflected directly in the output of a web page without proper sanitization or encoding. Exploiting this vulnerability, an attacker can execute arbitrary JavaScript in the context of the victim's browser, potentially leading to session hijacking, data theft, and other malicious actions. Affected WebUI parameters are \"h\", \"hd\", \"p\", \"pi\", \"s\", \"t\", \"x\", \"y\"."}], "id": "CVE-2025-2072", "lastModified": "2025-04-01T20:26:30.593", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.1, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "AMBER", "subAvailabilityImpact": "LOW", "subConfidentialityImpact": "LOW", "subIntegrityImpact": "LOW", "userInteraction": "PASSIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:L/U:Amber", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "LOW"}, "source": "551230f0-3615-47bd-b7cc-93e92e730bbf", "type": "Secondary"}]}, "published": "2025-03-31T09:15:14.987", "references": [{"source": "551230f0-3615-47bd-b7cc-93e92e730bbf", "url": "https://www.fast-lta.de/de/fast/silent-bricks-software-2-63"}], "sourceIdentifier": "551230f0-3615-47bd-b7cc-93e92e730bbf", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "551230f0-3615-47bd-b7cc-93e92e730bbf", "type": "Secondary"}]}

{}

{}