Cyber Resilience

CVE-2025-1359

Medium

Published: 16 February 2025

Published
16 February 2025
Modified
15 April 2026
KEV Added
Patch
CVSS Score v4 5.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0749 92.0th percentile
Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-1359 is a medium-severity Cross-site Scripting (CWE-79) vulnerability. Its CVSS base score is 5.3 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Browser Session Hijacking (T1185); ranked in the top 8.0% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-15 (Information Output Filtering).

Deeper analysis

CVE-2025-1359 is a cross-site scripting (XSS) vulnerability classified as problematic in SIAM Industria de Automação e Monitoramento SIAM 2.0. The issue resides in the unknown processing of the /qrcode.jsp file, where manipulation of the "url" argument enables script injection. It is associated with CWE-79 (Improper Neutralization of Input During Web Page Generation) and CWE-94 (Improper Control of Generation of Code), carrying a CVSS v3.1 base score of 4.3 (AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N).

The vulnerability can be exploited remotely by unauthenticated attackers with no privileges required, though it necessitates user interaction such as clicking a malicious link. Successful exploitation allows limited integrity impacts, enabling attackers to inject and execute arbitrary scripts in the context of the victim's browser, potentially leading to session hijacking, phishing, or theft of sensitive data displayed on the page.

VulDB advisories detail the issue and note that the exploit has been publicly disclosed and may be used, with the vendor contacted early but providing no response. No patches or official mitigations are mentioned in the available references.

The exploit's public disclosure increases the risk of active use against exposed SIAM 2.0 instances.

EU & UK References

Vulnerability details

A vulnerability, which was classified as problematic, has been found in SIAM Industria de Automação e Monitoramento SIAM 2.0. This issue affects some unknown processing of the file /qrcode.jsp. The manipulation of the argument url leads to cross site scripting.…

more

The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1185 Browser Session Hijacking Collection
Adversaries may take advantage of security vulnerabilities and inherent functionality in browser software to change content, modify user-behaviors, and intercept information as part of various browser session hijacking techniques.
Why these techniques?

XSS enables direct browser script execution for session hijacking as explicitly described.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-25203Shared CWE-79
CVE-2025-67959Shared CWE-79
CVE-2025-68835Shared CWE-79
CVE-2026-32118Shared CWE-79
CVE-2025-24617Shared CWE-79
CVE-2026-30934Shared CWE-79
CVE-2026-24833Shared CWE-79
CVE-2024-56038Shared CWE-79
CVE-2025-25823Shared CWE-79
CVE-2025-36548Shared CWE-79

Affected Assets

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Information output filtering directly neutralizes script injection in the /qrcode.jsp output generated from the manipulated 'url' argument, preventing XSS execution in victims' browsers.

prevent

Information input validation ensures the 'url' argument in /qrcode.jsp is checked and sanitized to block malicious script payloads before processing.

prevent

Flaw remediation identifies and corrects the specific improper neutralization of the 'url' parameter in SIAM 2.0's /qrcode.jsp, addressing the root cause of this XSS vulnerability.

References