PT-2026-2915 · Vmware · Edgeconnect Sd-Wan Orchestrator

M0X_Noob

Published

2026-01-13

Updated

2026-01-14

CVE-2025-37185

CVSS v3.1

5.5

Medium

Vector

AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions EdgeConnect SD-WAN Orchestrator (affected versions not specified)

Description The web-based management interface of EdgeConnect SD-WAN Orchestrator contains a flaw that could allow an authenticated remote attacker to perform a stored cross-site scripting (XSS) attack against an administrative user. A successful exploit could enable an attacker to execute arbitrary script code within a victim’s browser, in the context of the affected interface. This could lead to unauthorized and arbitrary configuration changes to the host.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

BDU:2026-00653

CVE-2025-37185

Affected Products

Edgeconnect Sd-Wan Orchestrator

PT-2026-2915 · Vmware · Edgeconnect Sd-Wan Orchestrator

CVE-2025-37185

Weakness Enumeration

Related Identifiers

Affected Products

References · 5