Cyber Resilience

CVE-2025-25612

High

Published: 17 March 2025

Published
17 March 2025
Modified
15 April 2026
KEV Added
Patch
CVSS Score v3.1 7.1 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
EPSS Score 0.0050 66.6th percentile
Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-25612 is a high-severity Cross-site Scripting (CWE-79) vulnerability in Fs (inferred from references). Its CVSS base score is 7.1 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Browser Session Hijacking (T1185); ranked in the top 33.4% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-15 (Information Output Filtering).

Deeper analysis

CVE-2025-25612 is a Cross-Site Scripting (XSS) vulnerability (CWE-79) in FS Inc's S3150-8T2F network switch, affecting versions prior to S3150-8T2F_2.2.0D_135103. The flaw exists in the Time Range Configuration functionality of the administration interface, where the "Time Range Name" field fails to properly sanitize user input, allowing attackers to inject malicious JavaScript. Published on 2025-03-17, it carries a CVSS v3.1 base score of 7.1 (AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H).

An authenticated attacker with low privileges (PR:L) can exploit this vulnerability over the network by submitting malicious JavaScript in the Time Range Name field. Once saved, the injected script executes in the browser of any user accessing the affected page, including administrators, provided the victim interacts with the page (UI:R). This enables arbitrary script execution, potentially leading to high confidentiality, integrity, and availability impacts, such as session hijacking or data theft.

Mitigation requires upgrading to S3150-8T2F_2.2.0D_135103 or later. Additional details are available in the vendor advisory at http://fs.com and the GitHub repository at https://github.com/secmuzz/CVE-2025-25612/.

EU & UK References

Vulnerability details

FS Inc S3150-8T2F prior to version S3150-8T2F_2.2.0D_135103 is vulnerable to Cross Site Scripting (XSS) in the Time Range Configuration functionality of the administration interface. An attacker can inject malicious JavaScript into the "Time Range Name" field, which is improperly sanitized.…

more

When this input is saved, it is later executed in the browser of any user accessing the affected page, including administrators, resulting in arbitrary script execution in the user's browser.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1185 Browser Session Hijacking Collection
Adversaries may take advantage of security vulnerabilities and inherent functionality in browser software to change content, modify user-behaviors, and intercept information as part of various browser session hijacking techniques.
Why these techniques?

Stored XSS in the web admin interface allows injection and execution of arbitrary JavaScript in victims' browsers (including higher-privileged admins), directly enabling browser session hijacking and related data theft as explicitly noted in the CVE description.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2025-25203Shared CWE-79
CVE-2025-67959Shared CWE-79
CVE-2025-68835Shared CWE-79
CVE-2026-32118Shared CWE-79
CVE-2025-24617Shared CWE-79
CVE-2026-30934Shared CWE-79
CVE-2026-24833Shared CWE-79
CVE-2024-56038Shared CWE-79
CVE-2025-25823Shared CWE-79
CVE-2025-36548Shared CWE-79

Affected Assets

Fs
inferred from references and description; NVD did not file a CPE for this CVE

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly addresses the improper sanitization of user input in the Time Range Name field, preventing injection of malicious JavaScript.

prevent

Filters output from the Time Range Configuration page to block execution of injected scripts in victims' browsers.

prevent

Ensures timely remediation of the XSS flaw through patching to the fixed version S3150-8T2F_2.2.0D_135103 or later.

References