CVE-2025-0643

Name of the Vulnerable Software and Affected Versions Pyxis Signage versions through 31012025

Description Pyxis Signage is affected by an Improper Neutralization of Input During Web Page Generation, specifically a Stored Cross-Site Scripting (XSS) issue. This allows for persistent JavaScript execution in the browsers of administrators. A real-world scenario involves compromising signage to display phishing content in public locations such as corporate lobbies, retail stores, and airports. The issue impacts digital signage systems deployed in public spaces with limited monitoring. There are over 3.2 million potentially affected devices worldwide. The vulnerability can be exploited through the injection of malicious JavaScript code.

Recommendations Versions prior to 31012025 should be updated.