CVE-2025-25612
📋 TL;DR
This vulnerability allows attackers to inject malicious JavaScript into the 'Time Range Name' field of the FS Inc S3150-8T2F administration interface, leading to cross-site scripting (XSS). When exploited, arbitrary scripts execute in the browser of any user accessing the affected page, potentially compromising administrators. Affected users include anyone using the vulnerable versions of this network switch.
💻 Affected Systems
- FS Inc S3150-8T2F
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
An attacker could steal administrator session cookies, perform actions as the administrator (like changing configurations), or redirect users to malicious sites, leading to full device compromise.
Likely Case
Attackers may steal session tokens to gain unauthorized access to the administration interface, enabling further network manipulation or data theft.
If Mitigated
With proper input sanitization and output encoding, the risk is minimal: injected scripts do not execute, and the impact is limited to non-critical data exposure.
🎯 Exploit Status
Exploitation requires access to the administration interface, which typically needs authentication; however, if an attacker gains such access, the XSS injection is straightforward.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: S3150-8T2F_2.2.0D_135103 or later
Vendor Advisory: http://fs.com
Restart Required: No
Instructions:
1. Log into the S3150-8T2F administration interface.
2. Navigate to the firmware update section.
3. Download and apply the latest firmware version S3150-8T2F_2.2.0D_135103 or higher from the vendor website.
4. Verify the update completes successfully without errors.
🔧 Temporary Workarounds
Input Validation and Sanitization
Implement server-side input validation to strip or encode JavaScript from the 'Time Range Name' field before saving.
Not applicable (requires code changes)
Content Security Policy (CSP)
Deploy a strict CSP header to block inline scripts and restrict script sources, reducing XSS impact.
Add HTTP header: Content-Security-Policy: default-src 'self'; script-src 'self'
🧯 If You Can't Patch
- Restrict access to the administration interface using network ACLs or firewalls to trusted IP addresses only.
- Monitor and audit logs for unusual activity in the Time Range Configuration page to detect potential exploitation attempts.
🔍 How to Verify
Check if Vulnerable:
Check the firmware version in the administration interface; if it is prior to S3150-8T2F_2.2.0D_135103, the device is vulnerable.
Check Version:
Log into the web interface and navigate to System > Firmware Information to view the current version.
Verify Fix Applied:
After updating, confirm the firmware version is S3150-8T2F_2.2.0D_135103 or later in the administration interface and test the Time Range Name field for script execution.
📡 Detection & Monitoring
Log Indicators:
- Unusual entries in web server logs showing JavaScript payloads in POST requests to Time Range Configuration endpoints.
Network Indicators:
- HTTP requests containing script tags or encoded JavaScript in the 'Time Range Name' parameter.
SIEM Query:
source="web_logs" AND url_path="/time_range_config" AND (request_body CONTAINS "<script>" OR request_body CONTAINS "javascript:")
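
A literal-string match such as the query above misses the "encoded JavaScript" case named under Network Indicators. The following added example (not vendor or database code) decodes the field value before matching; the field name `time_range_name`, the record layout and the sample records are assumptions constructed for illustration.

```python
import html
import re
from urllib.parse import parse_qs, unquote_plus

# Assumed names: the real form field is not given on this page.
FIELD = "time_range_name"        # hypothetical parameter name
ENDPOINT = "/time_range_config"  # path used in the SIEM query on this page

SUSPICIOUS = re.compile(
    r"<\s*script\b|javascript\s*:|\bon(error|load|click|mouseover|focus)\s*=|<\s*(img|svg|iframe)\b",
    re.I,
)

SAMPLE_LOG = [  # constructed records: (method, path, form-encoded body)
    ("POST", "/time_range_config", "time_range_name=office-hours&start=09:00"),
    ("POST", "/time_range_config", "time_range_name=%3Cscript%3Ealert(1)%3C/script%3E"),
    ("POST", "/time_range_config", "time_range_name=%253Cimg%2520src%253Dx%2520onerror%253Dalert(1)%253E"),
    ("POST", "/time_range_config", "time_range_name=%26lt%3Bscript%26gt%3B"),
    ("GET", "/time_range_config", ""),
]


def normalize(value: str, max_rounds: int = 3) -> str:
    """Undo nested percent-encoding and HTML entities so encoded input still matches."""
    for _ in range(max_rounds):
        decoded = html.unescape(unquote_plus(value))
        if decoded == value:
            break
        value = decoded
    return value


def is_suspicious(method: str, path: str, body: str) -> bool:
    """True if a POST to the Time Range page carries script-like content in FIELD."""
    if method != "POST" or not path.startswith(ENDPOINT):
        return False
    values = parse_qs(body, keep_blank_values=True).get(FIELD, [])  # decodes once
    return any(SUSPICIOUS.search(normalize(v)) for v in values)


def scan(records):
    """Return the indexes of records worth an analyst's review."""
    return [i for i, rec in enumerate(records) if is_suspicious(*rec)]


if __name__ == "__main__":
    print(scan(SAMPLE_LOG))
```

Entity-encoded values are flagged as well; they may render harmlessly, but they indicate probing of the field and are worth review.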