CVE-2025-9225

Summary

Stored cross-site scripting (XSS) in the web interface of MiR software versions prior to 3.0.0 on MiR Robots and MiR Fleet allows execution of arbitrary JavaScript code in a victim’s browser

Affected Software

VendorProductVersion RangeStatus
Mobile Industrial RobotsMiR Robots0 < 3.0.0affected
Mobile Industrial RobotsMiR Fleet0 < 3.0.0affected

Weaknesses

  • CWE-79: CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')

Workarounds

If you cannot immediately update to the recommended version, we recommend the following compensating measures:

  1. Operate the MiR system in a segmented and secured network with strict firewall rules
  2. Secure user accounts on the MiR system as recommended in the MiR Cybersecurity Guide.

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References