CVE-2025-22996

CWE-79Cross-site Scripting (XSS)CWE-7724 documents4 sources
Severity
4.8MEDIUM
EPSS
0.2%
top 62.08%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Linksys E5600 Firmware
Timeline
PublishedJan 15

Description

A stored cross-site scripting (XSS) vulnerability in the spf_table_content component of Linksys E5600 Router Ver. 1.1.0.26 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the desc parameter.

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 1.7 | Impact: 2.7

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-f2q7-hmv9-hgpp: A stored cross-site scripting (XSS) vulnerability in the spf_table_content component of Linksys E5600 Router Ver2025-01-15
CVEList
CVE-2025-22996: A stored cross-site scripting (XSS) vulnerability in the spf_table_content component of Linksys E5600 Router Ver2025-01-14

📋Vendor Advisories

1
Microsoft
In the Linux kernel before 5.17.2 drivers/soc/qcom/qcom_aoss.c does not release an of_find_device_by_node reference after use e.g. with put_device.2023-02-14
CVE-2025-22996 (MEDIUM CVSS 4.8) | A stored cross-site scripting (XSS) | cvebase.io