CVE-2025-41364

Name of the Vulnerable Software and Affected Versions IDF versions 0.10.0-0C03-03 ZLF versions 0.10.0-0C03-04

Description The issue is a Stored Cross-Site Scripting (XSS) vulnerability that allows an attacker to store malicious JavaScript payload in the software, which will run in the victim's browser. To exploit this vulnerability, an attacker must authenticate to the device and execute certain commands that can be executed with view permission.

Recommendations For IDF version 0.10.0-0C03-03, update to a version that includes a fix for this issue. For ZLF version 0.10.0-0C03-04, update to a version that includes a fix for this issue. As a temporary workaround, consider restricting access to the software to minimize the risk of exploitation.