CVE-2025-40895

Name of the Vulnerable Software and Affected Versions CMC (affected versions not specified)

Description A stored HTML injection issue exists in the Sensor Map functionality due to inadequate validation of properties on connected Guardians. An authenticated user with administrator privileges on a Guardian connected to a CMC can inject HTML tags by editing the Guardian’s properties. If the Sensor Map functionality is enabled within the CMC, a victim CMC user interacting with the functionality may have the injected HTML render in their browser, potentially leading to phishing or open redirect attacks. Existing input validation and Content Security Policy configurations prevent full cross-site scripting exploitation and direct information disclosure.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.