CVE-2025-68915

5.5 MEDIUM

📋 TL;DR

This vulnerability is a cross-site scripting (XSS) flaw in the login banner feature of the Riello UPS NetMan 208 Application. Script injected into the banner text is rendered on the login page, so it executes in the browser of anyone who loads that page, typically an administrator about to authenticate to the UPS management interface. Organizations running NetMan 208 firmware older than 1.12 are affected.

💻 Affected Systems

Products:
  • Riello UPS NetMan 208 Application
Versions: before 1.12 (fixed in 1.12)
Operating Systems: Not OS-specific - runs on embedded UPS hardware
Default Config Vulnerable: ⚠️ Yes
Notes: Affects the web management interface of the UPS hardware

📦 What is this software?

NetMan 208 is Riello UPS's network management module for its UPS hardware. It runs as firmware on the module and exposes a web management interface (and SNMP) for monitoring and configuring the UPS. The vulnerable login banner is part of that web interface.

⚠️ Risk & Real-World Impact

🔴

Worst Case

An attacker who gets script into the banner can steal administrator credentials as they are typed into the login form, hijack the resulting session, or redirect administrators to a malicious site, giving the attacker administrative control of the UPS management interface.

🟠

Likely Case

Attackers could perform session hijacking or credential theft against administrators accessing the web interface.

🟢

If Mitigated

With network segmentation and access controls in place, exposure is limited to the few administrators allowed to reach the management interface, and the payload cannot be planted from outside that network.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Crafting an XSS payload takes little skill; the practical hurdles are getting the payload into the banner and getting an administrator to load the login page that renders it.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Version 1.12 or later

Advisory (third-party disclosure repository, not a vendor page): https://github.com/gerico-lab/riello-multiple-vulnerabilities-2025

Restart Required: Yes

Instructions:

1. Download the latest NetMan 208 firmware from the Riello website.
2. Back up the current module configuration.
3. Apply the firmware update via the web interface.
4. Restart the UPS management module and confirm the reported version is 1.12 or later.

🔧 Temporary Workarounds

Disable web interface access (applies to: all affected versions)

Temporarily disable the web management interface until the module is patched, or configure a firewall to block TCP 80/443 to the UPS management IP from everything except a designated administrator host.

Filter the login banner endpoint via reverse proxy (applies to: all affected versions)

Put a reverse proxy or WAF in front of the module and block or strictly filter requests to /cgi-bin/loginbanner_w.cgi. Blocking writes to that endpoint except from the administrator host is more dependable than trying to sanitize HTML in transit: sanitization rules are routinely bypassed with encoding variants, and a proxy cannot fix what is already stored in the banner.

🧯 If You Can't Patch

  • Isolate UPS management network segment from user networks
  • Implement strict access controls allowing only trusted administrators to access the web interface

🔍 How to Verify

Check if Vulnerable:

Read the firmware version from the web interface login page (footer or about page) or query it over SNMP from the UPS management module. The grep below assumes the login page HTML contains the word "NetMan" near a version string; adjust the pattern to the actual markup.

Check Version:

curl -s http://<ups-ip>/ | grep -i 'netman.*version'

Verify Fix Applied:

Confirm the reported version is 1.12 or later. Then re-test: set a harmless banner containing a script tag (for example a tag that would only show an alert) and confirm the login page renders it as literal text rather than executing it. Compare versions numerically, not as strings: "1.9" sorts after "1.12" lexically but is older.
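
The following is an added example, not code from the original advisory or from Riello, showing the version check as a small script: it extracts the version from the login page HTML and compares it numerically against the fixed release. The HTML pattern (the word "NetMan 208" followed by a "v1.11"-style string) and the sample page are assumptions; the real markup was not verified, so adjust VERSION_RE to what your device actually serves. Fetching the page is left to curl or similar; this code only parses and compares.

```python
"""Parse a NetMan 208 version string and decide whether it predates the 1.12 fix.

Added example, not part of the original advisory and not Riello code.
Assumption (hypothetical): the login page HTML contains "NetMan 208" followed,
somewhere later, by a dotted version number such as "v1.11".
"""
import re

FIXED_VERSION = "1.12"  # first release with the login banner XSS fixed

# "NetMan 208" ... optional "v" ... dotted version. re.S lets the version sit
# on a later line than the product name.
VERSION_RE = re.compile(r"netman\s*208.*?v?(\d+\.\d+(?:\.\d+)*)", re.I | re.S)


def extract_version(html):
    """Return the first dotted version string after 'NetMan 208', or None."""
    m = VERSION_RE.search(html)
    return m.group(1) if m else None


def version_tuple(version):
    """'1.12.3' -> (1, 12, 3) so comparisons are numeric, not lexical."""
    return tuple(int(part) for part in version.split("."))


def is_vulnerable(version, fixed=FIXED_VERSION):
    # Numeric compare: (1, 9) < (1, 12) even though "1.9" > "1.12" as strings.
    return version_tuple(version) < version_tuple(fixed)


def check_html(html):
    """Classify a login page as ('vulnerable'|'patched'|'unknown', version)."""
    version = extract_version(html)
    if version is None:
        return ("unknown", None)
    return ("vulnerable" if is_vulnerable(version) else "patched", version)


# Constructed sample page for the demo; not captured from a real device.
SAMPLE_LOGIN_PAGE = """<html><head><title>NetMan 208 - Login</title></head>
<body><form action="/cgi-bin/login.cgi" method="post">...</form>
<div id="footer">NetMan 208 Application v1.11</div></body></html>"""

if __name__ == "__main__":
    print(check_html(SAMPLE_LOGIN_PAGE))
```

In practice pipe the output of the curl command above into check_html, or run extract_version over the saved page; an "unknown" result means the pattern did not match and the version should be read manually or over SNMP.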

📡 Detection & Monitoring

Log Indicators:

  • POST requests to /cgi-bin/loginbanner_w.cgi from hosts other than known administrator workstations (a banner write is a configuration change and should be rare)
  • Script tags, javascript: URIs or event-handler attributes (onerror=, onload=) in URL parameters, including their percent-encoded forms (%3Cscript, %253C for double encoding)

Network Indicators:

  • HTTP requests to the login banner endpoint whose URL or body contains script tags or other JavaScript markers

SIEM Query:

source="ups-web-logs" uri="/cgi-bin/loginbanner_w.cgi" AND (method="POST" OR uri_query="*script*" OR uri_query="*javascript*" OR uri_query="*onerror*" OR uri_query="*%3C*")

Note: standard access logs record the request line but not the POST body, so a payload submitted in a POST is only visible if a reverse proxy or WAF in front of the module logs request bodies. Match on the URL-encoded forms as well as literal tags, and tune the POST clause to exclude the administrator hosts that legitimately edit the banner.
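
The detection logic above, as an added example that is not part of the original page or of any Riello tooling: it scans web access log lines for suspicious use of the login banner endpoint, flagging banner writes from outside an assumed administrator network and script markers in URLs after repeated percent-decoding (so double-encoded payloads are caught). The log format (Apache/nginx "combined"), the administrator subnet 10.0.50.0/24 and the sample log lines are all constructed for the demo.

```python
"""Scan web access logs for suspicious use of the NetMan 208 login-banner endpoint.

Added example; not part of the original advisory and not Riello code.
Assumptions (hypothetical): logs are in Apache/nginx "combined" format, and
legitimate banner edits come only from the admin jump network 10.0.50.0/24.
"""
import ipaddress
import re
from urllib.parse import unquote_plus

BANNER_ENDPOINT = "/cgi-bin/loginbanner_w.cgi"
ADMIN_NET = ipaddress.ip_network("10.0.50.0/24")  # hypothetical admin subnet

# client ip, identd, user, [timestamp], "METHOD target PROTO", status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3})'
)

# Markers that have no business in a URL aimed at an embedded management UI.
XSS_MARKERS = re.compile(
    r"<\s*(script|img|svg|iframe)\b|javascript\s*:|\bon\w+\s*=", re.I
)


def fully_decode(s, rounds=3):
    """Percent-decode repeatedly so %253Cscript (double-encoded) is caught too."""
    for _ in range(rounds):
        decoded = unquote_plus(s)
        if decoded == s:
            break
        s = decoded
    return s


def inspect_line(line):
    """Return a finding dict for a suspicious access-log line, or None."""
    m = LOG_RE.match(line)
    if not m:
        return None  # not an access-log line in the expected format
    ip, method, target = m["ip"], m["method"], m["target"]
    path = target.partition("?")[0]
    decoded = fully_decode(target)

    try:
        from_admin = ipaddress.ip_address(ip) in ADMIN_NET
    except ValueError:
        from_admin = False  # unparsable source address: treat as untrusted

    reasons = []
    if path == BANNER_ENDPOINT and method == "POST" and not from_admin:
        # A banner write is a configuration change; outside the admin net it is suspect.
        reasons.append("banner write from outside admin network")
    if XSS_MARKERS.search(decoded):
        where = "banner request" if path == BANNER_ENDPOINT else "URL"
        reasons.append(f"script markers in {where}")
    if not reasons:
        return None
    return {"ip": ip, "method": method, "path": path, "reasons": reasons}


def scan(lines):
    """Run inspect_line over an iterable of log lines and keep the findings."""
    return [f for f in (inspect_line(l) for l in lines) if f]


SAMPLE_LOG = [  # constructed sample lines, not real traffic
    '10.0.50.7 - - [12/Jan/2026:09:14:02 +0000] "GET /cgi-bin/loginbanner_w.cgi HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '10.0.50.7 - - [12/Jan/2026:09:14:40 +0000] "POST /cgi-bin/loginbanner_w.cgi HTTP/1.1" 200 88 "-" "Mozilla/5.0"',
    '192.0.2.44 - - [12/Jan/2026:11:02:13 +0000] "POST /cgi-bin/loginbanner_w.cgi HTTP/1.1" 200 88 "-" "python-requests/2.31"',
    '192.0.2.44 - - [12/Jan/2026:11:02:15 +0000] "GET /cgi-bin/loginbanner_w.cgi?banner=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 512 "-" "curl/8.4.0"',
    '192.0.2.44 - - [12/Jan/2026:11:02:20 +0000] "GET /cgi-bin/loginbanner_w.cgi?banner=%253Cimg%2520src%253Dx%2520onerror%253Dalert(1)%253E HTTP/1.1" 200 512 "-" "curl/8.4.0"',
    '10.0.50.7 - - [12/Jan/2026:11:30:00 +0000] "GET /index.html HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

The admin POST (second line) is deliberately not flagged: banner edits by the people who are supposed to make them are the normal case, and alerting on them only trains analysts to ignore the rule. The two GET lines show why decoding matters: the single-encoded and double-encoded payloads both land on the same marker check only after fully_decode has run.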

🔗 References

  • https://github.com/gerico-lab/riello-multiple-vulnerabilities-2025