CVE-2025-9225 MEDIUM

CVE-2025-9225: Cross-site scripting (XSS) in MiR robots and MiR fleet

Vendor Mobile Industrial Robots

Product MiR Robots

Weakness CWE-79 · XSS

Published August 20, 2025

Last update November 5, 2025

View on NVD All CVEs

CVSS base score

5.5/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction Required

Confidentiality Low

Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L

What the vulnerability does

01Description

Stored cross-site scripting (XSS) in the web interface of MiR software versions prior to 3.0.0 on MiR Robots and MiR Fleet allows execution of arbitrary JavaScript code in a victim’s browser

Key dates

02Disclosure timeline

August 20, 2025 CVE published

November 5, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-9225

Related vulnerabilities

04Related CVE

CVE-2025-58357 5ire Chat Message XSS Vulnerability Enables Remote Code Execution CVE-2024-53774 WordPress Sparkle Elementor Kit plugin <= 2.0.9 - Cross Site Scripting (XSS) vulnerability CVE-2026-1744 D-Link DSL-6641K sp_pppoe_user.js doSubmitPPP cross site scripting CVE-2025-23623 WordPress Contact Form 7 – CCAvenue Add-on plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability CVE-2024-49641 WordPress Tida URL Screenshot plugin <= 1.0.1 - Reflected Cross Site Scripting (XSS) vulnerability

Identifiers

CVE CVE-2025-9225

CWE CWE-79

CVSS 5.5 / MEDIUM

Affected versions

Vendor Mobile Industrial Robots

Product MiR Robots

Affected < 3.0.0

Vendor Mobile Industrial Robots

Product MiR Fleet

Affected < 3.0.0