Description
A Stored Cross-Site Scripting vulnerability was discovered in the Reports functionality due to improper validation of an input parameter. An authenticated user with report privileges can define a malicious report containing a JavaScript payload, or a victim can be socially engineered to import a malicious report template. When the victim views or imports the report, the XSS executes in their browser context, allowing the attacker to perform unauthorized actions as the victim, such as modify application data, disrupt application availability, and access limited sensitive information.
Published: 2025-12-18
Score: 7.1 High
EPSS: < 1% Very Low
KEV: No
Impact: Stored XSS capable of unauthorized browser‑based actions
Action: Patch
AI Analysis

Impact

A stored cross‑site scripting flaw exists in the Reports feature of Nozomi Networks’ CMC and Guardian products. The flaw is caused by insufficient validation of an input parameter, allowing an attacker to embed arbitrary JavaScript into a report or report template. When a user views or imports the malicious report, the script runs in the victim’s browser context with the same privileges as the user, enabling the attacker to alter application data, disrupt availability, and access limited sensitive information.

Affected Systems

All releases of Nozomi Networks CMC and Guardian prior to version 25.5.0 are affected. The vulnerability resides in the web‑based management interface that handles report creation and template import.

Risk and Exploitability

The CVSS score of 7.1 indicates a moderate‑to‑severe risk. The EPSS score of less than 1% shows that the likelihood of exploitation is low at present. The vulnerability is not listed in CISA’s KEV catalog. Exploitation requires either an authenticated user with report privileges or social engineering of a victim to import a malicious template. Because the attack affects only users with privileged access and needs a web browser, the attack vector is likely internal or target‑focused rather than widespread public exposure.

Generated by OpenCVE AI on April 20, 2026 at 18:54 UTC.

Remediation

Vendor Solution

Upgrade to v25.5.0 or later.

Vendor Workaround

Use internal firewall features to limit access to the web management interface.

OpenCVE Recommended Actions

  • Upgrade Nozomi Networks CMC and Guardian to version 25.5.0 or later.
  • Apply internal firewall rules to limit access to the web management interface.
  • Review user accounts with report privileges and delete unnecessary accounts.
  • Review existing report templates.

Generated by OpenCVE AI on April 20, 2026 at 18:54 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 14 Apr 2026 10:30:00 +0000

Type Values Removed Values Added
References

Tue, 06 Jan 2026 20:15:00 +0000

Type Values Removed Values Added
First Time appeared Nozominetworks
Nozominetworks cmc
Nozominetworks guardian
CPEs cpe:2.3:a:nozominetworks:cmc:*:*:*:*:*:*:*:*
cpe:2.3:a:nozominetworks:guardian:*:*:*:*:*:*:*:*
Vendors & Products Nozominetworks
Nozominetworks cmc
Nozominetworks guardian

Thu, 18 Dec 2025 15:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Thu, 18 Dec 2025 13:30:00 +0000

Type Values Removed Values Added
Description A Stored Cross-Site Scripting vulnerability was discovered in the Reports functionality due to improper validation of an input parameter. An authenticated user with report privileges can define a malicious report containing a JavaScript payload, or a victim can be socially engineered to import a malicious report template. When the victim views or imports the report, the XSS executes in their browser context, allowing the attacker to perform unauthorized actions as the victim, such as modify application data, disrupt application availability, and access limited sensitive information.
Title Stored Cross-Site Scripting (XSS) in Reports in Guardian/CMC before 25.5.0
First Time appeared Nozomi Networks
Nozomi Networks cmc
Nozomi Networks guardian
Weaknesses CWE-79
CPEs cpe:2.3:a:nozomi_networks:cmc:*:*:*:*:*:*:*:*
cpe:2.3:a:nozomi_networks:guardian:*:*:*:*:*:*:*:*
Vendors & Products Nozomi Networks
Nozomi Networks cmc
Nozomi Networks guardian
References
Metrics cvssV3_1

{'score': 8.9, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:H'}

cvssV4_0

{'score': 7.1, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:H/VA:H/SC:L/SI:L/SA:L'}

Subscriptions

Nozomi Networks Cmc Guardian
Nozominetworks Cmc Guardian
cve-icon MITRE

Status: PUBLISHED

Assigner: Nozomi

Published:

Updated: 2026-04-14T08:58:09.594Z

Reserved: 2025-04-16T09:04:25.007Z

Link: CVE-2025-40892

cve-icon Vulnrichment

Updated: 2025-12-18T14:30:45.112Z

cve-icon NVD

Status : Modified

Published: 2025-12-18T14:15:59.457

Modified: 2026-04-14T10:16:27.033

Link: CVE-2025-40892

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-20T19:00:10Z

Weaknesses