CVE-2025-8386

MEDIUM

Description

The vulnerability, if exploited, could allow an authenticated miscreant
(with privilege of "aaConfigTools") to tamper with App Objects' help
files and persist a cross-site scripting (XSS) injection that when
executed by a victim user, can result in horizontal or vertical
escalation of privileges. The vulnerability can only be exploited during
config-time operations within the IDE component of Application Server.
Run-time components and operations are not affected.

CVSS v3 vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:L

Affected routers (0)

No routers currently mapped to this CVE in our database.

External references

• NIST NVD
• MITRE CVE