Description

In ExtremeControl before 25.5.12, a cross-site scripting (XSS) vulnerability was discovered in a login interface of the affected application. The issue stems from improper handling of user-supplied input within HTML attributes, allowing an attacker to inject script code that may execute in a user's browser under specific interaction conditions. Successful exploitation could lead to exposure of user data or unauthorized actions within the browser context.

INFO

Published Date :

2025-07-21T14:07:41.882Z

Last Modified :

2025-07-21T20:03:49.151Z

Source :

ExtremeNetworks
AFFECTED PRODUCTS

The following products are affected by CVE-2025-6235 vulnerability.

No data.

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-6235.

URL Resource
https://extreme-networks.my.site.com/ExtrArticleDetail?an=000128019 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Attack Requirements
Privileges Required
User Interaction
VS Confidentiality
VS Integrity
VS Availability
SS Confidentiality
SS Integrity
SS Availability