CVE-2025-1354 MEDIUM

CVE-2025-1354

Vendor Asus

Product RT-N12E

Weakness CWE-79 · XSS

Published February 16, 2025

Last update March 13, 2025

View on NVD All CVEs

CVSS base score

4.8/10

Attack vector Network

Attack complexity Low

Privileges required High

User interaction —

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

01Description

A cross-site scripting (XSS) vulnerability in the RT-N10E/ RT-N12E 2.0.0.x firmware . This vulnerability caused by improper input validation and can be triggered via the manipulation of the SSID argument in the sysinfo.asp file, leading to disclosure of sensitive information. Note: All versions of RT-N10E and RT-N12E are unsupported (End-of-Life, EOL). Consumers can mitigate this vulnerability by disabling the remote access features from WAN

Key dates

02Disclosure timeline

February 16, 2025 CVE published

March 13, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-1354

Related vulnerabilities

04Related CVE

CVE-2023-25796 WordPress WP BaiDu Submit Plugin <= 1.2.1 is vulnerable to Cross Site Scripting (XSS) CVE-2025-4586 IRM Newsroom <= 1.2.19 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'irmcalendarview' Shortcode CVE-2026-9527 itsourcecode Electronic Judging System judges.php cross site scripting CVE-2023-4597 Slimstat Analytics <= 5.0.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode CVE-2021-28625 Adobe Experience Manager Cross-site Scripting vulnerability in inbox workitem.jsp

Identifiers

CVE CVE-2025-1354

CWE CWE-79

CVSS 4.8 / MEDIUM

Affected versions

Vendor Asus

Product RT-N12E

Affected before 2.0.0.39

Vendor Asus

Product RT-N10E

Affected before 2.0.0.39