CVE-2025-40900EPSS p10.0%

CVE-2025-40900CVE-2025-40900

nozominetworks / cmc

Description

An Angular template injection vulnerability was discovered in the Reports functionality due to improper validation of an input parameter. An authenticated user with report privileges can define a malicious report containing an Angular template payload, or a victim can be socially engineered to import a malicious report template. When the victim views or imports the report, the Angular template executes in their browser context, allowing the attacker to modify application data, or disrupt application availability. Full XSS exploitation and direct information disclosure are prevented by the existing input validation and Content Security Policy configuration.

Scoring

CVSS 4.6 ()
VectorCVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L
EPSS0.20% probability of exploitation · percentile 10.0% · 2026-06-18T12:00:27Z
Last modified2026-06-09

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2025-40892
CVE
CVE-2025-40901
CVE
CVE-2025-40886
CVE
CVE-2025-40899
CVE
CVE-2025-40904
CVE
CVE-2025-40902
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.