CVE-2026-25789

Name of the Vulnerable Software and Affected Versions Cisco Router (affected versions not specified)

Description Devices fail to properly validate and sanitize filenames on the Firmware Update page. A remote attacker could use social engineering to trick a user into selecting a modified firmware file. This leads to malicious JavaScript execution within the authenticated user's session without the file actually being uploaded, which may result in credential theft or session hijacking.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.