Cyber Resilience

CVE-2025-8535

Low · Public PoC

Published: 05 August 2025

Modified: 29 April 2026
KEV Added
Patch
CVSS Score v4: 2.0 (CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X)
EPSS Score: 0.0033 (56.3th percentile)
Risk Priority: 4 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-8535 is a low-severity Cross-site Scripting (CWE-79) vulnerability in Metaclinic Nanovault. Its CVSS base score is 2.0 (Low).

Operationally, exploitation aligns with the MITRE ATT&CK technique JavaScript (T1059.007). The CVE ranks in the top 43.7% of CVEs by exploit likelihood, is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-15 (Information Output Filtering).

Deeper analysis

CVE-2025-8535 is a cross-site scripting (XSS) vulnerability classified as problematic in cronoh NanoVault versions up to 1.2.1. The issue resides in the executeJavaScript function within the /main.js file of the xrb URL Handler component. Manipulation of this function enables XSS, with associated CWEs including CWE-79 (Improper Neutralization of Input During Web Page Generation) and CWE-94 (Improper Control of Generation of Code). The vulnerability carries a CVSS v3.1 base score of 3.5 (AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N), indicating low severity with network accessibility, low attack complexity, and low privileges required.

A remote attacker with low privileges can exploit this vulnerability by tricking a user into interacting with malicious content, such as clicking a crafted link or opening a manipulated xrb URL. Successful exploitation leads to XSS, allowing the attacker to inject and execute arbitrary scripts in the context of the affected application, resulting in limited integrity impacts but no confidentiality or availability disruption.

Advisories from VulDB detail the issue and note that the exploit has been publicly disclosed via a Google Drive link and a GitHub Gist, with the vendor contacted early but providing no response. No patches or official mitigations are mentioned in the available references, leaving affected systems reliant on user awareness to avoid phishing or malicious URL interactions until further vendor action.

Vulnerability details

A vulnerability, which was classified as problematic, has been found in cronoh NanoVault up to 1.2.1. This issue affects the function executeJavaScript of the file /main.js of the component xrb URL Handler. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1059.007 JavaScript Execution
Adversaries may abuse various implementations of JavaScript for execution.
T1204.001 Malicious Link Execution
An adversary may rely upon a user clicking a malicious link in order to gain execution.
Why these techniques?

XSS in executeJavaScript enables arbitrary JS execution (T1059.007) via malicious URL/link interaction (T1204.001).

Confidence: MEDIUM · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-26583 (Shared CWE-79)
CVE-2026-24943 (Shared CWE-79)
CVE-2025-22711 (Shared CWE-79)
CVE-2025-23736 (Shared CWE-79)
CVE-2025-23885 (Shared CWE-79)
CVE-2025-23624 (Shared CWE-79)
CVE-2025-23888 (Shared CWE-79)
CVE-2024-13891 (Shared CWE-79)
CVE-2025-68894 (Shared CWE-79)
CVE-2025-23492 (Shared CWE-79)

Affected Assets

metaclinic nanovault, versions ≤ 1.2.1

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) (AI)

prevent

Directly requires validation and sanitization of untrusted xrb URL inputs before they reach executeJavaScript, blocking the CWE-79/94 injection that enables this XSS.

prevent

Requires filtering or encoding of data written to the DOM or script context, neutralizing malicious payloads that the vulnerable URL handler would otherwise execute.

prevent · detect

Provides malicious-code detection and blocking mechanisms that can recognize and stop reflected XSS attempts delivered via crafted xrb URLs.
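
The first two controls above (input validation before `executeJavaScript`, then output encoding into the script context) can be sketched as follows. This is an added example, not NanoVault's code: the function names, the `xrb-url` event name, and the accepted URL shape (a Nano address plus an optional digits-only `amount`) are assumptions.

```javascript
// Added example: parseXrbUrl, toScriptLiteral, buildHandlerScript and the
// 'xrb-url' event name are hypothetical, not NanoVault identifiers.

// Assumed address shape: xrb_ or nano_ prefix plus 60 chars of Nano's base32 alphabet.
const ADDRESS_RE = /^(?:xrb|nano)_[13][13456789abcdefghijkmnopqrstuwxyz]{59}$/;
const AMOUNT_RE = /^[0-9]{1,39}$/; // raw amount: decimal digits only

// Input validation: return a plain object of allow-listed fields, or null.
function parseXrbUrl(raw) {
  if (typeof raw !== 'string' || raw.length > 512) return null;
  const m = /^xrb:([^?#]*)(?:\?([^#]*))?$/.exec(raw);
  if (!m || !ADDRESS_RE.test(m[1])) return null;
  const out = { address: m[1] };
  for (const [key, value] of new URLSearchParams(m[2] || '')) {
    if (key === 'amount' && AMOUNT_RE.test(value)) out.amount = value;
    else return null; // unknown or malformed parameter: reject the whole URL
  }
  return out;
}

// Output encoding: serialize data as a JavaScript literal so it can never
// terminate the surrounding string or statement.
function toScriptLiteral(value) {
  return JSON.stringify(value)
    .replace(/</g, '\\u003c')
    .replace(/\u2028/g, '\\u2028')
    .replace(/\u2029/g, '\\u2029');
}

// Builds the string that would be handed to executeJavaScript, or null when
// the URL fails validation and must be dropped.
function buildHandlerScript(raw) {
  const parsed = parseXrbUrl(raw);
  if (parsed === null) return null;
  return `window.dispatchEvent(new CustomEvent('xrb-url', { detail: ${toScriptLiteral(parsed)} }));`;
}

// Constructed sample inputs: one well-formed URL, one carrying quote and markup characters.
const sampleAddress = 'xrb_1' + 'a'.repeat(59);
console.log(buildHandlerScript(`xrb:${sampleAddress}?amount=1000`));
console.log(buildHandlerScript(`xrb:${sampleAddress}'"<x>`)); // null
```

In an Electron main process, sending the validated object to the renderer with `webContents.send` avoids building script strings at all; the encoding step matters only where `executeJavaScript` must stay.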
