CVE-2025-41752

Name of the Vulnerable Software and Affected Versions versions prior to the fix for CVE-2025-41752

Description An XSS vulnerability exists in the pxc portSfp.php file. An unauthenticated remote attacker can exploit this to trick an authenticated user into clicking a malicious link, potentially altering device configuration parameters accessible through the web-based management interface (WBM). The vulnerability does not grant access to system-level resources or privileged functions. The session cookie is protected by the httpOnly flag, preventing session hijacking.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.