CVE-2025-13902

Summary

CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists that could cause condition where authenticated attackers can have a victim’s browser run arbitrary JavaScript when the victim hovers over a maliciously crafted element on a web server containing the injected payload.

Affected Software

VendorProductVersion RangeStatus
Schneider ElectricModicon Controllers M241/M251Versions prior to 5.4.13.12affected
Schneider ElectricModicon Controllers M258/LMC058All versionsaffected

Weaknesses

  • CWE-79: CWE-79 Improper neutralization of input during web page generation ('cross-site scripting')

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References