CVE-2025-2072 MEDIUM

CVE-2025-2072: Reflected Cross-Site Scripting (XSS) Vulnerability in FAST LTA Silent Brick WebUI

Vendor FAST LTA
Product FAST LTA Silent Brick WebUI
Weakness CWE-79 · XSS
Published March 31, 2025
Last update March 31, 2025

CVSS base score

5.1/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction Passive
Confidentiality Low
Integrity Low

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L/RE:L/U:Amber

What the vulnerability does

01 Description

A reflected Cross-Site Scripting (XSS) vulnerability has been discovered in FAST LTA Silent Brick WebUI that allows attackers to inject malicious JavaScript code into web pages viewed by users. The issue arises when user-supplied input is reflected directly in the output of a web page without proper sanitization or encoding. By exploiting this vulnerability, an attacker can execute arbitrary JavaScript in the context of the victim's browser, potentially leading to session hijacking, data theft, and other malicious actions. The affected WebUI parameters are "h", "hd", "p", "pi", "s", "t", "x", and "y".

Key dates

02 Disclosure timeline

March 31, 2025 CVE published
March 31, 2025 Record updated