CVE-2025-40902 - Vulnerability Details

A Stored HTML Injection vulnerability was discovered in the Users functionality due to improper validation of an input parameter. An authenticated user with administrative privileges can create a malicious user whose username contains HTML tags. When a victim attempts to delete a group containing the affected user, the injected HTML renders in their browser, enabling phishing and possibly open redirect attacks. Full XSS exploitation and direct information disclosure are prevented by the existing input validation and Content Security Policy configuration.

Attack Vector Network

Attack Complexity Low

Privileges Required High

Attack Requirements None

User Interaction Passive

Vulnerable System Confidentiality Impact Low

Vulnerable System Integrity Impact Low

Vulnerable System Availability Impact Low

Subsequent System Confidentiality Impact Low

Subsequent System Integrity Impact Low

Subsequent System Availability Impact Low

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Nozomi Networks	Cmc Guardian
Nozominetworks	Cmc Guardian

Configuration 1 [-]

OR	cpe:2.3:a:nozominetworks:cmc::::::::
	cpe:2.3:a:nozominetworks:guardian::::::::

No data.

OpenCVE Enrichment is a feature of OpenCVE that uses AI to automatically link vendors and products to CVEs. Learn more on GitHub.

Vendors	Products
Nozomi Networks	Cmc Guardian

References

Link	Providers
https://security.nozominetworks.com/NN-2026:5-01

History

Tue, 19 May 2026 17:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Nozominetworks Nozominetworks cmc Nozominetworks guardian
CPEs		cpe:2.3:a:nozominetworks:cmc:::::::: cpe:2.3:a:nozominetworks:guardian::::::::
Vendors & Products		Nozominetworks Nozominetworks cmc Nozominetworks guardian

Tue, 19 May 2026 14:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Tue, 19 May 2026 13:45:00 +0000

Type	Values Removed	Values Added
Description		A Stored HTML Injection vulnerability was discovered in the Users functionality due to improper validation of an input parameter. An authenticated user with administrative privileges can create a malicious user whose username contains HTML tags. When a victim attempts to delete a group containing the affected user, the injected HTML renders in their browser, enabling phishing and possibly open redirect attacks. Full XSS exploitation and direct information disclosure are prevented by the existing input validation and Content Security Policy configuration.
Title		HTML injection in Users in Guardian/CMC before 26.1.0
First Time appeared		Nozomi Networks Nozomi Networks cmc Nozomi Networks guardian
Weaknesses		CWE-79
CPEs		cpe:2.3:a:nozomi_networks:cmc:::::::: cpe:2.3:a:nozomi_networks:guardian::::::::
Vendors & Products		Nozomi Networks Nozomi Networks cmc Nozomi Networks guardian
References		https://security.nozominetworks.com/NN-2026:5-01
Metrics		cvssV3_1 `{'score': 5.9, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L'}` cvssV4_0 `{'score': 4.8, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L'}`

MITRE

Status: PUBLISHED

Assigner: Nozomi

Published: 2026-05-19T13:21:02.668Z

Updated: 2026-05-19T14:04:37.503Z

Reserved: 2025-04-16T09:04:35.923Z

Link: CVE-2025-40902

Vulnrichment

Updated: 2026-05-19T14:04:07.086Z

NVD

Status : Analyzed

Published: 2026-05-19T14:16:27.960

Modified: 2026-05-19T17:44:49.497

Link: CVE-2025-40902

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-19T15:15:07Z

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required High

Attack Requirements None

User Interaction Passive

Vulnerable System Confidentiality Impact Low

Vulnerable System Integrity Impact Low

Vulnerable System Availability Impact Low

Subsequent System Confidentiality Impact Low

Subsequent System Integrity Impact Low

Subsequent System Availability Impact Low

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction Required

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object

JSON object