PT-2025-35144 · Weaver · Weaver E-Mobile Mobile Management Platform

Goojar

Published

2025-08-28

Updated

2025-08-29

CVE-2025-9590

Report an issue

CVSS v2.0

4.0

Vector

AV:N/AC:L/Au:S/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions:

Weaver E-Mobile Mobile Management Platform versions prior to 20250814

Description:

A cross site scripting issue exists in Weaver E-Mobile Mobile Management Platform. The `gohome` argument can be manipulated to trigger this issue. This attack can be initiated remotely. The exploit is publicly available. The vendor was contacted regarding this disclosure but did not respond.

Recommendations:

Update Weaver E-Mobile Mobile Management Platform to a version later than 20250813.

Exploit

Fix

Code Injection

XSS

Weakness Enumeration

CWE-94CWE-79

Related Identifiers

CVE-2025-9590

Affected Products

Weaver E-Mobile Mobile Management Platform

PT-2025-35144 · Weaver · Weaver E-Mobile Mobile Management Platform

Weakness Enumeration

Related Identifiers

Affected Products

References · 9