CVE-2025-6235 MEDIUM

CVE-2025-6235: ExtremeControl (NAC) 'onmouseover' XSS

Vendor Extreme Networks
Product ExtremeControl
Weakness CWE-79 · XSS
Published July 21, 2025
Last update July 21, 2025

CVSS base score

5.3/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:L

What the vulnerability does

01Description

In ExtremeControl before 25.5.12, a cross-site scripting (XSS) vulnerability was discovered in a login interface of the affected application. The issue stems from improper handling of user-supplied input within HTML attributes, allowing an attacker to inject script code that may execute in a user's browser under specific interaction conditions. Successful exploitation could lead to exposure of user data or unauthorized actions within the browser context.

Key dates

02Disclosure timeline

July 21, 2025 CVE published
July 21, 2025 Record updated