How serious is CVE-2025-40894?

This vulnerability has a CVSS score of 2.1 out of 10, classified as LOW severity. Proof-of-concept exploit code is publicly available, making this an active threat.

Is there exploit code available for CVE-2025-40894?

Yes, proof-of-concept exploit code for CVE-2025-40894 is publicly available on GitHub and security research platforms. This increases the risk of active exploitation.

Which products are affected by CVE-2025-40894?

CVE-2025-40894 affects nozominetworks cmc. Check the full CVE details for specific version information.

How do I fix CVE-2025-40894?

To remediate CVE-2025-40894, check for security patches from nozominetworks. Apply all available updates and security patches. If no patch is available, implement recommended workarounds or security controls to mitigate the risk.

CVE-2025-40894

Low

|2.1

Exploit Available

Plain English Summary

AI-powered analysis for quick understanding

This vulnerability allows a malicious user with the right permissions to inject harmful HTML into a node label, which could then be displayed to other users in the Alerted Nodes Dashboard. While the risk of full exploitation is limited by existing security measures, it could still lead to phishing attempts or redirecting users to malicious sites if they interact with the affected alerts.

Technical Description

A Stored HTML Injection vulnerability was discovered in the Alerted Nodes Dashboard functionality due to improper validation on an input parameter. A malicious authenticated user with the required privileges could edit a node label to inject HTML tags. If the system is configured to use the Alerted Nodes Dashboard, and alerts are reported for the affected node, then the injected HTML may render in the browser of a victim user interacting with it, enabling phishing and possibly open redirect attacks. Full XSS exploitation and direct information disclosure are prevented by the existing input validation and Content Security Policy configuration.

CVSS Vector Analysis

Attack VectorNetwork

Attack ComplexityHigh

Privileges RequiredLow

User InteractionRequired

Confidentiality ImpactHigh

Integrity ImpactHigh

Availability ImpactHigh

ScopeChanged

Vector String

CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:P/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Exploit Resources

Search for proof-of-concept code and exploit modules

GitHub Search Exploit-DB Nuclei Templates Metasploit Vulners

Official References

NIST NVD

Est. Bounty

$311($100-$500)

Vendor Response

Grade APatched in 1 day

Quick Information

Published

Mar 4, 2026

about 1 month ago

Last Modified

Mar 5, 2026

about 1 month ago

Vendor

nozominetworks

Product

cmc

Related Vulnerabilities

CVE-2025-40896Medium

An attacker could intercept and manipulate the communication between an Arc agent and its server, allowing them to steal sensitive information or send false data. This vulnerability occurs because the server's identity isn't properly verified when the Arc agent connects, making it easier for the attacker to impersonate the server.

CVE-2025-40895Low

This vulnerability allows a malicious user with admin access to a connected Guardian to inject harmful HTML into the CMC's Sensor Map feature, which could trick other users into clicking on phishing links. However, this can only happen if the Sensor Map is enabled, and the attack is limited because existing security measures prevent more serious exploits like full account takeover or data theft.