CVE-2025-41367

Name of the Vulnerable Software and Affected Versions IDF versions 0.10.0-0C03-03 ZLF versions 0.10.0-0C03-04

Description The issue is a Stored Cross-Site Scripting (XSS) vulnerability that allows an attacker to store malicious JavaScript payload in the software, which will run in the victim's browser. To exploit this vulnerability, an attacker must authenticate to the device and execute certain commands that require permissions higher than the view permission.

Recommendations For IDF version 0.10.0-0C03-03, at the moment, there is no information about a newer version that contains a fix for this vulnerability. For ZLF version 0.10.0-0C03-04, at the moment, there is no information about a newer version that contains a fix for this vulnerability.