CVE-2025-1359
Published: 16 February 2025
Summary
CVE-2025-1359 is a medium-severity Cross-site Scripting (CWE-79) vulnerability. Its CVSS base score is 5.3 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Browser Session Hijacking (T1185); ranked in the top 8.0% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-15 (Information Output Filtering).
Deeper analysis
CVE-2025-1359 is a cross-site scripting (XSS) vulnerability classified as problematic in SIAM Industria de Automação e Monitoramento SIAM 2.0. The issue resides in the unknown processing of the /qrcode.jsp file, where manipulation of the "url" argument enables script injection. It is associated with CWE-79 (Improper Neutralization of Input During Web Page Generation) and CWE-94 (Improper Control of Generation of Code), carrying a CVSS v3.1 base score of 4.3 (AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N).
The vulnerability can be exploited remotely by unauthenticated attackers with no privileges required, though it necessitates user interaction such as clicking a malicious link. Successful exploitation allows limited integrity impacts, enabling attackers to inject and execute arbitrary scripts in the context of the victim's browser, potentially leading to session hijacking, phishing, or theft of sensitive data displayed on the page.
VulDB advisories detail the issue and note that the exploit has been publicly disclosed and may be used, with the vendor contacted early but providing no response. No patches or official mitigations are mentioned in the available references.
The exploit's public disclosure increases the risk of active use against exposed SIAM 2.0 instances.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-2120
Vulnerability details
A vulnerability, which was classified as problematic, has been found in SIAM Industria de Automação e Monitoramento SIAM 2.0. This issue affects some unknown processing of the file /qrcode.jsp. The manipulation of the argument url leads to cross site scripting.…
more
The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
XSS enables direct browser script execution for session hijacking as explicitly described.
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Information output filtering directly neutralizes script injection in the /qrcode.jsp output generated from the manipulated 'url' argument, preventing XSS execution in victims' browsers.
Information input validation ensures the 'url' argument in /qrcode.jsp is checked and sanitized to block malicious script payloads before processing.
Flaw remediation identifies and corrects the specific improper neutralization of the 'url' parameter in SIAM 2.0's /qrcode.jsp, addressing the root cause of this XSS vulnerability.