CVE-2025-8535
Published: 05 August 2025
Summary
CVE-2025-8535 is a low-severity Cross-site Scripting (CWE-79) vulnerability in Metaclinic Nanovault. Its CVSS base score is 2.0 (Low).
Operationally, exploitation aligns with the MITRE ATT&CK technique JavaScript (T1059.007). The CVE ranks in the top 43.7% of CVEs by exploit likelihood, is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-15 (Information Output Filtering).
Deeper analysis
CVE-2025-8535 is a cross-site scripting (XSS) vulnerability classified as problematic in cronoh NanoVault versions up to 1.2.1. The issue resides in the executeJavaScript function within the /main.js file of the xrb URL Handler component. Manipulation of this function enables XSS, with associated CWEs including CWE-79 (Improper Neutralization of Input During Web Page Generation) and CWE-94 (Improper Control of Generation of Code). The vulnerability carries a CVSS v3.1 base score of 3.5 (AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N), indicating low severity with network accessibility, low attack complexity, and low privileges required.
A remote attacker with low privileges can exploit this vulnerability by tricking a user into interacting with malicious content, such as clicking a crafted link or opening a manipulated xrb URL. Successful exploitation leads to XSS, allowing the attacker to inject and execute arbitrary scripts in the context of the affected application, resulting in limited integrity impacts but no confidentiality or availability disruption.
Advisories from VulDB detail the issue and note that the exploit has been publicly disclosed via a Google Drive link and a GitHub Gist, with the vendor contacted early but providing no response. No patches or official mitigations are mentioned in the available references, leaving affected systems reliant on user awareness to avoid phishing or malicious URL interactions until further vendor action.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-23580
Vulnerability details
A vulnerability, which was classified as problematic, has been found in cronoh NanoVault up to 1.2.1. This issue affects the function executeJavaScript of the file /main.js of the component xrb URL Handler. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Related Threats
MITRE ATT&CK Enterprise Techniques (AI)
Why these techniques?
XSS in executeJavaScript enables arbitrary JS execution (T1059.007) via malicious URL/link interaction (T1204.001).
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) (AI)
Directly requires validation and sanitization of untrusted xrb URL inputs before they reach executeJavaScript, blocking the CWE-79/94 injection that enables this XSS.
Requires filtering or encoding of data written to the DOM or script context, neutralizing malicious payloads that the vulnerable URL handler would otherwise execute.
Provides malicious-code detection and blocking mechanisms that can recognize and stop reflected XSS attempts delivered via crafted xrb URLs.
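
The input-validation and output-encoding controls described above, as an added JavaScript example (not NanoVault's code; the page does not show the vulnerable source). It pairs a strict parser for an incoming xrb URL with a script builder that serializes data through JSON.stringify, next to a hypothetical unsafe builder that interpolates the raw URL. The function names, the `window.handleXrbLink` renderer hook and the address grammar are assumptions.

```javascript
// Added example. All names here are hypothetical, not taken from NanoVault.
// Assumption: an address is "xrb_" or "nano_" followed by 60 characters of
// the Nano base32 alphabet, the first being 1 or 3.
const ADDRESS_RE = /^(?:xrb|nano)_[13][13-9a-km-uw-z]{59}$/;
const AMOUNT_RE = /^[0-9]{1,39}$/; // raw amount: decimal digits only

// Input validation (SI-10): accept only the exact shape we expect and
// return structured data, never the original string.
function parseXrbUrl(raw) {
  if (typeof raw !== 'string' || raw.length > 512) return null;
  let url;
  try {
    url = new URL(raw);
  } catch {
    return null; // not parseable as a URL at all
  }
  if (url.protocol !== 'xrb:') return null;
  if (!ADDRESS_RE.test(url.pathname)) return null;
  const amount = url.searchParams.get('amount');
  if (amount !== null && !AMOUNT_RE.test(amount)) return null;
  return { address: url.pathname, amount };
}

// Output encoding (SI-15): JSON.stringify emits a valid JavaScript literal,
// so the data cannot close the string and continue as code.
function buildRendererScript(parsed) {
  return `window.handleXrbLink(${JSON.stringify(parsed)});`;
}

// Hypothetical unsafe pattern: raw input interpolated into script source.
// A single quote in the URL ends the string literal early.
function buildRendererScriptUnsafe(raw) {
  return `window.handleXrbLink('${raw}');`;
}

// What a main-process handler would pass to executeJavaScript, or null
// when the URL must be dropped.
function scriptForIncomingUrl(raw) {
  const parsed = parseXrbUrl(raw);
  return parsed === null ? null : buildRendererScript(parsed);
}

// Constructed sample inputs.
const SAMPLE_ADDRESS = 'xrb_1' + '1'.repeat(59);
const SAMPLE_GOOD = `xrb:${SAMPLE_ADDRESS}?amount=1000`;
const SAMPLE_BAD = "xrb:x');console.log('injected');//";
```

Validation and encoding are layered on purpose: the parser drops anything outside the grammar, and the encoder keeps the script well-formed even if the grammar is later loosened.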