CVE-2025-25625

Name of the Vulnerable Software and Affected Versions FS Inc S3150 8T2F Switch versions s3150-8t2f-switch-fsos-220d 118101 and web firmware v2.2.2

Description A stored cross-site scripting vulnerability exists in the web management interface of the FS model S3150-8T2F switches. This allows an authenticated web interface user to bypass input filtering on user names, and stores un-sanitized HTML and Javascript on the device. Pages that present the user name without encoding special characters will cause the injected code to be parsed by the browsers of other users accessing the web interface.

Recommendations For FS Inc S3150 8T2F Switch versions s3150-8t2f-switch-fsos-220d 118101 and web firmware v2.2.2, consider disabling the web management interface until a patch is available. Restrict access to the web interface to minimize the risk of exploitation. Avoid using the user name field in the web interface until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.