CVE-2025-10240 HIGH

CVE-2025-10240: Possibility of unintended actions when a user clicks a malicious link in the Progress Flowmon web application

Vendor Progress Software
Product Flowmon
Weakness CWE-79 · XSS
Published October 9, 2025
Last update February 26, 2026

CVSS base score

8.8/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction Required
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

A vulnerability exists in the Progress Flowmon web application prior to version 12.5.5, whereby a user who clicks a malicious link provided by an attacker may inadvertently trigger unintended actions within their authenticated session.

Key dates

02Disclosure timeline

October 9, 2025 CVE published
February 26, 2026 Record updated