IM
IronMonkey Threat Research

CVE-2025-40900 MEDIUM

Published: 2026-05-19 | Last Modified: 2026-06-09 | Status: Modified

Description

An Angular template injection vulnerability was discovered in the Reports functionality due to improper validation of an input parameter. An authenticated user with report privileges can define a malicious report containing an Angular template payload, or a victim can be socially engineered to import a malicious report template. When the victim views or imports the report, the Angular template executes in their browser context, allowing the attacker to modify application data, or disrupt application availability. Full XSS exploitation and direct information disclosure are prevented by the existing input validation and Content Security Policy configuration.

CVSS Metrics

Base Score: 4.6 (MEDIUM)

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L

Attack VectorNETWORK
Attack ComplexityLOW
Privileges RequiredLOW
User InteractionREQUIRED
ScopeUNCHANGED
Confidentiality ImpactNONE
Integrity ImpactLOW
Availability ImpactLOW

Source: [email protected]

Type: Secondary

Exploitability Score: 2.1

Impact Score: 2.5

Base Score: 5.1 (MEDIUM)

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack VectorNETWORK
Attack ComplexityLOW
Attack RequirementsNONE
Privileges RequiredLOW
User InteractionPASSIVE
Vulnerability ConfidentialityNONE
Vulnerability IntegrityLOW
Vulnerability AvailabilityLOW
Subsequent ConfidentialityNONE
Subsequent IntegrityNONE
Subsequent AvailabilityNONE

Source: [email protected]

Type: Secondary

Weaknesses

Source Type Description
[email protected] Secondary
en CWE-1336

Affected Products

Vendor Product Version Update Type
nozominetworks cmc * <built-in method update of dict object at 0x7d1ea39fe580> Application
nozominetworks guardian * <built-in method update of dict object at 0x7d1e5f774f00> Application

Affected Configurations

Operator: OR

Vulnerable CPE
Yes cpe:2.3:a:nozominetworks:cmc:*:*:*:*:*:*:*:*
Yes cpe:2.3:a:nozominetworks:guardian:*:*:*:*:*:*:*:*

References

Notification
Message here