Home / Vulnerability Intelligence / CVE-2025-40899

CVE-2025-40899 - Vulnerability Analysis

HighCVSS: 8.9

Last Updated: April 15, 2026

Application - Stored XSS

Published: April 15, 2026Updated: April 15, 2026Remote Exploitable

Overview

An application contains a stored XSS caused by improper validation of input in Assets and Nodes functionality, letting authenticated users with custom fields privileges execute scripts in victim browsers, exploit requires authenticated user with custom fields privileges.

Severity & Score

Severity: High

CVSS Score: 8.9

Impact

Attackers can execute scripts in victim browsers, enabling data modification, disruption, and access to sensitive information.

Mitigation

Update to the latest version with proper input validation and sanitization.

References

https://security.nozominetworks.com/NN-2026:2-01

Related Resources

Details

CVE ID: CVE-2025-40899
Severity: High
CVSS Score: 8.9
Type: stored_xss
Status: new

CWE

CWE-79

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:H