CVE-2025-8386

Name of the Vulnerable Software and Affected Versions Application Server (affected versions not specified)

Description An authenticated attacker with “aaConfigTools” privilege can modify App Objects’ help files, potentially leading to a persistent cross-site scripting (XSS) injection. Successful exploitation by a victim user could result in horizontal or vertical privilege escalation. The issue is limited to config-time operations within the IDE component of the Application Server and does not affect run-time components or operations.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.