CVE-2025-40842 HIGH

CVE-2025-40842: Ericsson Indoor Connect 8855 - Improper Neutralization of Input During Web Page Generation Vulnerability

Vendor Ericsson

Product Indoor Connect 8855

Weakness CWE-79 · XSS

Published March 25, 2026

Last update March 25, 2026

View on NVD All CVEs

CVSS base score

8.5/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction —

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

01Description

Ericsson Indoor Connect 8855 versions prior to 2025.Q3 contains a Cross-Site Scripting (XSS) vulnerability which, if exploited, can lead to unauthorized disclosure and modification of certain information.

Key dates

02Disclosure timeline

March 25, 2026 CVE published

March 25, 2026 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-40842

Related vulnerabilities

04Related CVE

CVE-2021-24656 Simple Social Media Share Buttons < 3.2.4 - Authenticated Stored Cross-Site Scripting CVE-2025-13962 Divelogs Widget <= 1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes CVE-2024-50440 WordPress CodePen Embedded Pens Shortcode plugin <= 1.0.2 - Cross Site Scripting (XSS) vulnerability CVE-2025-15171 SohuTV CacheCloud ServerController.java index cross site scripting CVE-2024-1451 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab