CVE-2025-52687 LOW

CVE-2025-52687: JavaScript Injection Vulnerability in the OmniAccess Stellar Web Management Interface

Vendor Alcatel-Lucent

Product OmniAccess Stellar

Weakness CWE-77

Published July 16, 2025

Last update July 16, 2025

View on NVD All CVEs

CVSS base score

2.4/10

Attack vector Network

Attack complexity Low

Privileges required High

User interaction Required

Confidentiality None

Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N

What the vulnerability does

Description

Successful exploitation of the vulnerability could allow an attacker with administrator credentials for the access point to inject malicious JavaScript into the payload of web traffics, potentially leading to session hijacking and denial-of-service (DoS).

Key dates

Disclosure timeline

July 16, 2025 CVE published

July 16, 2025 Record updated

Identifiers

CVE CVE-2025-52687

CWE CWE-77

CVSS 2.4 / LOW

Affected versions

Vendor Alcatel-Lucent

Product OmniAccess Stellar

Affected AP1100 AWOS versions 5.0.2 GA and earlier

Vendor Alcatel-Lucent

Product OmniAccess Stellar

Affected AP1200 AWOS versions 5.0.2 GA and earlier

Vendor Alcatel-Lucent

Product OmniAccess Stellar

Affected AP1300 AWOS versions 5.0.2 GA and earlier

Vendor Alcatel-Lucent

Product OmniAccess Stellar

Affected AP1400 AWOS versions 5.0.2 GA and earlier

Vendor Alcatel-Lucent

Product OmniAccess Stellar

Affected AP1500 AWOS versions 5.0.2 GA and earlier