Description
A Stored HTML Injection vulnerability was discovered in the Time Machine Snapshot Diff functionality due to improper validation of network traffic data. An unauthenticated attacker can send specially crafted network packets at two different times to inject HTML tags into asset attributes across two snapshots. Exploitation requires a victim to use the Time Machine Snapshot Diff feature on those specific snapshots and perform specific GUI actions, at which point the injected HTML renders in their browser, enabling phishing and open redirect attacks. Full XSS exploitation is prevented by input validation and Content Security Policy. Attack complexity is high due to multiple required conditions.
Published: 2025-12-18
Score: 2.3 Low
EPSS: < 1% Very Low
KEV: No
Impact: Stored HTML injection enabling phishing and open redirect when Time Machine Snapshot Diff is used
Action: Apply Patch
AI Analysis

Impact

A Stored HTML Injection vulnerability was discovered in the Time Machine Snapshot Diff functionality. An attacker can send crafted network packets at two different times and inject HTML tags into asset attributes across snapshots. When a user activates the Diff feature on those snapshots and performs certain GUI actions, the injected HTML renders in their browser, allowing phishing and open redirect attacks. Full XSS is prevented by input validation and Content Security Policy, but the injection still poses a risk through the rendered UI.

Affected Systems

Nozomi Networks CMC and Guardian versions prior to 25.5.0 are affected. The vulnerability exists in both products and impacts all deployments using the Time Machine Snapshot Diff feature before the 25.5.0 update.

Risk and Exploitability

The CVSS score of 2.3 indicates low severity, and the EPSS score of less than 1% shows a very low probability of exploitation. The vulnerability is not listed in the CISA KEV catalog. Attack complexity is high because it requires an unauthenticated attacker to send specific network packets at two different times, and the victim to open the Diff feature on exactly those snapshots and perform particular GUI actions. Under these constrained conditions the risk to systems with the feature enabled remains low, but the potential for phishing is significant enough to warrant patching.

Generated by OpenCVE AI on April 20, 2026 at 16:34 UTC.

Remediation

Vendor Solution

Upgrade to v25.5.0 or later.


OpenCVE Recommended Actions

  • Upgrade Nozomi Networks CMC and Guardian to version 25.5.0 or later.
  • If upgrade cannot be performed immediately, limit user access to Time Machine Snapshot Diff by disabling the feature or restricting it to trusted users until the patch is applied.
  • Enforce strict network packet filtering to prevent specially crafted packets from reaching the system, such as configuring firewalls or IDS/IPS to detect and block anomalous traffic patterns targeting the Time Machine components.


Advisories

No advisories yet.

History

Tue, 14 Apr 2026 10:30:00 +0000

Type | Values Removed | Values Added
References | |

Tue, 06 Jan 2026 20:15:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Nozominetworks; Nozominetworks cmc; Nozominetworks guardian
CPEs | | cpe:2.3:a:nozominetworks:cmc:*:*:*:*:*:*:*:*; cpe:2.3:a:nozominetworks:guardian:*:*:*:*:*:*:*:*
Vendors & Products | | Nozominetworks; Nozominetworks cmc; Nozominetworks guardian

Thu, 18 Dec 2025 15:15:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 18 Dec 2025 13:30:00 +0000

Type | Values Removed | Values Added
Description | | A Stored HTML Injection vulnerability was discovered in the Time Machine Snapshot Diff functionality due to improper validation of network traffic data. An unauthenticated attacker can send specially crafted network packets at two different times to inject HTML tags into asset attributes across two snapshots. Exploitation requires a victim to use the Time Machine Snapshot Diff feature on those specific snapshots and perform specific GUI actions, at which point the injected HTML renders in their browser, enabling phishing and open redirect attacks. Full XSS exploitation is prevented by input validation and Content Security Policy. Attack complexity is high due to multiple required conditions.
Title | | HTML injection in in Time Machine functionality in Guardian/CMC before 25.5.0
First Time appeared | | Nozomi Networks; Nozomi Networks cmc; Nozomi Networks guardian
Weaknesses | | CWE-79
CPEs | | cpe:2.3:a:nozomi_networks:cmc:*:*:*:*:*:*:*:*; cpe:2.3:a:nozomi_networks:guardian:*:*:*:*:*:*:*:*
Vendors & Products | | Nozomi Networks; Nozomi Networks cmc; Nozomi Networks guardian
References | |
Metrics | | cvssV3_1: {'score': 4.7, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N'}
Metrics | | cvssV4_0: {'score': 2.3, 'vector': 'CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N'}


MITRE

Status: PUBLISHED

Assigner: Nozomi

Published:

Updated: 2026-04-14T08:58:08.457Z

Reserved: 2025-04-16T09:04:25.006Z

Link: CVE-2025-40891

Vulnrichment

Updated: 2026-04-14T08:58:08.457Z

NVD

Status: Modified

Published: 2025-12-18T14:15:59.270

Modified: 2026-04-14T10:16:26.790

Link: CVE-2025-40891

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-20T16:45:11Z

Weaknesses