CVE-2025-41364 MEDIUM

CVE-2025-41364: Stored Cross-Site Scripting (XSS) vulnerability in IDF and ZLF

Vendor Ziv

Product IDF and ZLF

Weakness CWE-79 · XSS

Published June 6, 2025

Last update June 6, 2025

View on NVD All CVEs

CVSS base score

5.1/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction —

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

What the vulnerability does

01Description

Stored Cross-Site Scripting (XSS) vulnerability in IDF v0.10.0-0C03-03 and ZLF v0.10.0-0C03-04. This vulnerability allows an attacker to store malicious JavaScript payload in software that will run in the victim's browser. Exploiting this vulnerability requires authenticating to the device and executing certain commands that can be executed with view permission.

Key dates

02Disclosure timeline

June 6, 2025 CVE published

June 6, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-41364 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

CVE-2025-41364: Stored Cross-Site Scripting (XSS) vulnerability in IDF and ZLF

01Description

02Disclosure timeline

03References

04Related CVE