Vulnerability Details CVE-2025-3718
A client-side path traversal vulnerability was discovered in the web management interface front-end due to missing validation of an input parameter. An authenticated user with limited privileges can craft a malicious URL which, if visited by an authenticated victim, leads to a Cross-Site Scripting (XSS) attack.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 6.5%
CVSS Severity
CVSS v3 Score 7.9
Products affected by CVE-2025-3718
-
cpe:2.3:a:nozominetworks:cmc:22.0.0
-
cpe:2.3:a:nozominetworks:cmc:22.5.2
-
cpe:2.3:a:nozominetworks:cmc:22.6.0
-
cpe:2.3:a:nozominetworks:cmc:22.6.3
-
cpe:2.3:a:nozominetworks:cmc:23.0.0
-
cpe:2.3:a:nozominetworks:cmc:23.1.0
-
cpe:2.3:a:nozominetworks:cmc:23.3.0
-
cpe:2.3:a:nozominetworks:guardian:19.0.4
-
cpe:2.3:a:nozominetworks:guardian:22.0.0
-
cpe:2.3:a:nozominetworks:guardian:22.5.2
-
cpe:2.3:a:nozominetworks:guardian:22.6.0
-
cpe:2.3:a:nozominetworks:guardian:22.6.3
-
cpe:2.3:a:nozominetworks:guardian:23.0.0
-
cpe:2.3:a:nozominetworks:guardian:23.1.0
-
cpe:2.3:a:nozominetworks:guardian:23.3.0