PT-2025-11507 · Fs · Fs Inc S3150-8T2F

Published 2025-03-17 · Updated 2025-03-17

CVE-2025-25612

CVSS v3.1: 7.1 (High)

Vector: AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

FS Inc S3150-8T2F versions prior to S3150-8T2F 2.2.0D 135103

Description

The issue concerns Cross Site Scripting (XSS) in the Time Range Configuration functionality of the administration interface. An attacker can inject malicious JavaScript into the Time Range Name field, which is improperly sanitized. When this input is saved, it is later executed in the browser of any user accessing the affected page, including administrators, resulting in arbitrary script execution in the user's browser.

Recommendations

For versions prior to S3150-8T2F 2.2.0D 135103, update to version S3150-8T2F 2.2.0D 135103 or later to resolve the issue. As a temporary workaround, consider restricting access to the Time Range Configuration functionality to minimize the risk of exploitation. Avoid using the Time Range Name field until the issue is resolved.

Exploit

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2025-25612

Affected Products

Fs Inc S3150-8T2F