PT-2025-3790 · Trimble · Trimble Sps851
Havook · Published 2025-01-05 · Updated 2025-01-05
CVE-2025-0220
CVSS v2.0: 3.3 (Low)
| Vector | AV:N/AC:L/Au:M/C:N/I:P/A:N |
Name of the Vulnerable Software and Affected Versions
Trimble SPS851 version 488.01
Description
A problematic issue was found in the Ethernet Configuration Menu component of the affected software. The manipulation of the Hostname argument leads to cross-site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Recommendations
For Trimble SPS851 version 488.01, as a temporary workaround, consider restricting access to the Ethernet Configuration Menu until a patch is available. Avoid manipulating the Hostname argument in the affected component to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.
Exploit
Fix
XSS
Code Injection
Related Identifiers
Affected Products
Trimble Sps851