CVE-2025-0219

Name of the Vulnerable Software and Affected Versions Trimble SPS851 version 488.01

Description A problematic issue has been found in the Receiver Status Identity Tab component of the software, affecting some unknown functionality. The manipulation of the System Name argument leads to cross-site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted about this disclosure but did not respond.

Recommendations For Trimble SPS851 version 488.01, as a temporary workaround, consider restricting the use of the System Name argument in the Receiver Status Identity Tab until a patch is available. At the moment, there is no information about a newer version that contains a fix for this issue.