CVE-2025-9404 in Scada-LTS
Summary
by MITRE • 08/25/2025
A vulnerability was identified in Scada-LTS up to 2.7.8.1. The affected element is an unknown function of the file /pointHierarchySLTS of the component Folder Handler. The manipulation of the argument Title leads to cross site scripting. It is possible to initiate the attack remotely. The exploit is publicly available and might be used.
If you want to get best quality of vulnerability data, you may have to visit VulDB.
Analysis
by VulDB Data Team • 09/11/2025
The vulnerability CVE-2025-9404 affects Scada-LTS version 2.7.8.1 and earlier, representing a critical cross-site scripting vulnerability within the Folder Handler component. This flaw exists in the /pointHierarchySLTS file where an unknown function processes user-supplied input, specifically the Title argument, without adequate sanitization or validation. The vulnerability's presence in the Folder Handler component suggests it operates within the system's data management and organizational structure functionality, potentially affecting how point hierarchies are displayed or managed within the SCADA environment.
The technical exploitation of this vulnerability occurs through manipulation of the Title argument parameter, which allows attackers to inject malicious scripts that execute in the context of other users' browsers. This cross-site scripting flaw enables remote code execution capabilities, as the attack can be initiated without requiring local system access or physical presence. The vulnerability's classification as publicly available means that threat actors have access to exploitation tools, increasing the risk of widespread compromise. The remote attack vector eliminates the need for attackers to be physically present or have network proximity to the affected system, making it particularly dangerous for industrial control systems that may have limited network segmentation.
The operational impact of CVE-2025-9404 extends beyond traditional web application security concerns, as it directly affects industrial automation and control systems where SCADA platforms manage critical infrastructure operations. The vulnerability could potentially allow attackers to manipulate data displayed in the point hierarchy interface, which might lead to incorrect operational decisions or system misconfigurations. Given that SCADA systems often control essential services such as power generation, water treatment, and manufacturing processes, the ability to inject malicious scripts could enable attackers to gain insights into system configurations or potentially disrupt operations through data corruption or manipulation.
Security professionals should implement multiple layers of defense to mitigate this vulnerability, including input validation and output encoding for all user-supplied parameters within the Folder Handler component. The implementation of Content Security Policy headers can provide additional protection against script injection attacks. Regular security assessments should focus on identifying similar vulnerabilities in other components of the SCADA system, as this flaw demonstrates potential weaknesses in input handling and validation. Organizations should also consider network segmentation and access controls to limit potential attack surfaces, while monitoring for any exploitation attempts that may be detected through anomalous network traffic patterns or unusual system behavior. The vulnerability aligns with CWE-79, which specifically addresses cross-site scripting flaws, and represents a significant concern for ATT&CK technique T1566, which encompasses social engineering and initial access vectors through web-based attacks.