CVE-2026-25787 - Vulnerability Analysis
CriticalCVSS: 9.1Last Updated: May 12, 2026
Affected Devices - Stored XSS
Overview
Affected devices contain a stored XSS caused by improper validation and sanitization of Technology Object (TO) names on the Motion Control Diagnostics web page, letting authenticated attackers inject scripts executed by users with access.
Severity & Score
Impact
Authenticated attackers can execute malicious scripts in the context of other users' web sessions, potentially stealing data or performing actions on their behalf.
Mitigation
Update to the latest version with proper input validation and sanitization.
Social Media Activity(2 posts)
š“ CVE-2026-25787 - Critical (9.1) Affected devices do not properly validate and sanitize Technology Object (TO) name rendered on the "Motion Control Diagnostics" page of the web interface. This could allow an authenticated attacker who is authorized to download a TIA project into ... š https://www.thehackerwire.com/vulnerability/CVE-2026-25787/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
View original post
š“ CVE-2026-25787 - Critical (9.1) Affected devices do not properly validate and sanitize Technology Object (TO) name rendered on the "Motion Control Diagnostics" page of the web interface. This could allow an authenticated attacker who is authorized to download a TIA project into ... š https://www.thehackerwire.com/vulnerability/CVE-2026-25787/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
View original postRelated Resources
Details
- CVE ID
- CVE-2026-25787
- Severity
- Critical
- CVSS Score
- 9.1
- Type
- stored_xss
- Status
- unconfirmed
- EPSS
- 4.4%
- Social Posts
- 2
CWE
- CWE-79
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H