CVE-2025-40900

Name of the Vulnerable Software and Affected Versions The product name cannot be determined (affected versions not specified)

Description An Angular template injection occurs in the Reports functionality because of improper validation of an input parameter. An authenticated user with report privileges can create a malicious report with an Angular template payload, or a victim can be tricked into importing a malicious report template. When the report is viewed or imported, the template executes in the browser context, enabling the attacker to modify application data or disrupt application availability. Existing input validation and Content Security Policy (CSP)—a security layer that helps detect and mitigate certain types of attacks—prevent full Cross-Site Scripting (XSS) and direct information disclosure.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.