CVE-2025-37185

Name of the Vulnerable Software and Affected Versions EdgeConnect SD-WAN Orchestrator (affected versions not specified)

Description The web-based management interface of EdgeConnect SD-WAN Orchestrator contains a flaw that could allow an authenticated remote attacker to perform a stored cross-site scripting (XSS) attack against an administrative user. A successful exploit could enable an attacker to execute arbitrary script code within a victim’s browser, in the context of the affected interface. This could lead to unauthorized and arbitrary configuration changes to the host.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.