CVE-2025-1434 MEDIUM

CVE-2025-1434: XSS in AREAL SAS Topkapi Vision Webserv2

Vendor Areal Sas

Product Topkapi Vision Webserv2

Weakness CWE-79 · XSS

Published March 11, 2025

Last update March 11, 2025

View on NVD All CVEs

CVSS base score

6.1/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction Required

Confidentiality Low

Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:L

What the vulnerability does

01Description

The Spreadsheet view is vulnerable to a XSS attack, where a remote unauthorised attacker can read a limited amount of values or DoS the affected spreadsheet. Disclosure of secrets or other system settings is not affected as well as other spreadsheets still work as expected.

Key dates

02Disclosure timeline

March 11, 2025 CVE published

March 11, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-1434

Related vulnerabilities

Identifiers

CVE CVE-2025-1434

CWE CWE-79

CVSS 6.1 / MEDIUM

Affected versions