CVE-2025-25612 in S3150-8T2F
Summary
by MITRE • 03/17/2025
FS Inc S3150-8T2F prior to version S3150-8T2F_2.2.0D_135103 is vulnerable to Cross Site Scripting (XSS) in the Time Range Configuration functionality of the administration interface. An attacker can inject malicious JavaScript into the "Time Range Name" field, which is improperly sanitized. When this input is saved, it is later executed in the browser of any user accessing the affected page, including administrators, resulting in arbitrary script execution in the user's browser.
Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.
Analysis
by VulDB Data Team • 06/05/2025
The vulnerability identified as CVE-2025-25612 affects the FS Inc S3150-8T2F network security device running firmware versions prior to S3150-8T2F_2.2.0D_135103. This device operates within the network infrastructure security domain and provides administrative interfaces for system configuration and monitoring. The vulnerability specifically resides within the Time Range Configuration functionality of the administration interface, which allows network administrators to define time-based policies for various security controls. The affected component represents a critical attack surface since it provides direct access to administrative functions that control network security policies and can be exploited by unauthorized users to compromise the device's integrity and confidentiality.
The technical flaw manifests as a cross site scripting vulnerability classified under CWE-79 in the input validation and output encoding practices of the administration interface. The Time Range Name field fails to properly sanitize user input, allowing malicious JavaScript code to be injected and stored within the device's configuration database. This improper sanitization occurs during the data processing phase when user-supplied values are accepted without adequate validation or encoding mechanisms. The vulnerability is particularly concerning because the stored input is later rendered in the browser context without proper HTML escaping or context-appropriate encoding, creating a persistent XSS condition. The attack vector requires minimal privileges since an authenticated attacker with administrative access can manipulate the configuration fields, though the impact extends to any user accessing the affected administrative page.
The operational impact of this vulnerability is significant as it enables arbitrary code execution within the browser context of any user accessing the affected administrative interface. This includes network administrators who may unknowingly trigger the malicious script when viewing the Time Range Configuration page, potentially leading to session hijacking, credential theft, or further privilege escalation attacks. The vulnerability can be exploited to establish persistent access to the device's administrative interface, allowing attackers to modify security policies, create backdoor access points, or exfiltrate sensitive configuration data. The persistent nature of the stored XSS means that the malicious payload remains active until the affected device is updated or the configuration is manually cleared, providing attackers with extended access windows. This vulnerability directly impacts the integrity and availability of the network security infrastructure, potentially compromising the security posture of the entire network.
Mitigation strategies should prioritize immediate firmware updates to version S3150-8T2F_2.2.0D_135103 or later, which includes proper input sanitization and output encoding mechanisms. Network administrators should implement additional monitoring of administrative interfaces for suspicious configuration changes and establish regular security assessments of network infrastructure devices. The implementation of Content Security Policy headers can provide additional protection against XSS attacks, though this is a secondary measure that does not address the root cause. Organizations should also consider implementing network segmentation and access controls to limit administrative access to critical infrastructure devices. The vulnerability aligns with ATT&CK technique T1566.001 for initial access through malicious file delivery and T1071.004 for application layer protocol usage, though the primary attack pathway is through web-based exploitation of the administrative interface. Regular vulnerability scanning and penetration testing of network infrastructure should be conducted to identify similar unsanitized input scenarios across other administrative components.