CVE-2025-3718
07.10.2025, 13:15
A client-side path traversal vulnerability was discovered in the web management interface front-end due to missing validation of an input parameter. An authenticated user with limited privileges can craft a malicious URL which, if visited by an authenticated victim, leads to a Cross-Site Scripting (XSS) attack.
Awaiting analysis
This vulnerability is currently awaiting analysis.