anonhaven
Ad

CVE-2025-40842

HIGH CVSS 4.0: 8.5 EPSS 0.03%
Updated Mar 27, 2026
Ericsson
Parameter Value
CVSS 8.5 (HIGH)
Affected Versions before 2025.q3
Fixed In 2025.q3
Type CWE-79 (Cross-Site Scripting (XSS))
Vendor Ericsson
Public PoC No

Ericsson Indoor Connect 8855 versions prior to 2025.Q3 contains a Cross-Site Scripting (XSS) vulnerability which, if exploited, can lead to unauthorized disclosure and modification of certain information.

Attack Parameters

Attack Vector
Network
Can be exploited remotely
Attack Complexity
Low
Easy to exploit
Attack Requirements
None
No additional conditions
Privileges Required
Low
Basic privileges needed
User Interaction
Passive
Minimal interaction

Impact Assessment

Confidentiality
High
Complete data leak
Integrity
High
Complete data modification
Availability
None
No disruption

CVSS Vector v4.0

Weakness Type (CWE)

CWE-79 Cross-Site Scripting (XSS)

Vulnerable Products 2

Configuration From (including) Up to (excluding)
Ericsson Indoor_Connect_8855_Firmware
cpe:2.3:o:ericsson:indoor_connect_8855_firmware:*:*:*:*:*:*:*:*
 2025.q3
Ericsson Indoor_Connect_8855
cpe:2.3:h:ericsson:indoor_connect_8855:-:*:*:*:*:*:*:*

References 2

https://www.ericsson.com/en/about-us/security/psirt/CVE-2025-40842
85b1779b-6ecd-4f52-bcc5-73eac4659dcf
https://www.ericsson.com/en/about-us/security/psirt/security-bulletin-indoorcon…
85b1779b-6ecd-4f52-bcc5-73eac4659dcf
Share Post Share Share Share

Related Vulnerabilities

CVE-2025-40841

Ericsson

5.1

CVE-2025-27260

Ericsson

7.2

CVE-2025-40843

Ericsson

5.9

CVE-2025-1300

Ericsson

6.1

CVE-2024-53829

Ericsson

8.2