CVE-2025-34257

🗓️ 05 Dec 2025 17:15:24Reported by VulnCheckType

cve🔗 web.nvd.nist.gov👁 5 Views🌐 WEB

Authenticated stored XSS in Advantech WISE-DeviceOn Server prior to 5.4 via /rmm/v1/action/defined.

Reporter	Title	Published	Views	Family All 9
CNNVD	Advantech WISE-DeviceOn Server 跨站脚本漏洞	5 Dec 202500:00	–	cnnvd
CNVD	Advantech WISE-DeviceOn Server Cross-Site Scripting Vulnerability	10 Dec 202500:00	–	cnvd
Cvelist	CVE-2025-34257 Advantech WISE-DeviceOn Server < 5.4 Authenticated Stored XSS via action/defined	5 Dec 202517:15	–	cvelist
EUVD	EUVD-2025-201439	5 Dec 202517:15	–	euvd
NVD	CVE-2025-34257	5 Dec 202518:15	–	nvd
OSV	CVE-2025-34257	5 Dec 202518:15	–	osv
Positive Technologies	PT-2025-49278	5 Dec 202500:00	–	ptsecurity
RedhatCVE	CVE-2025-34257	6 Dec 202517:54	–	redhatcve
Vulnrichment	CVE-2025-34257 Advantech WISE-DeviceOn Server < 5.4 Authenticated Stored XSS via action/defined	5 Dec 202517:15	–	vulnrichment

NVD

Vulners

Node

advantech wise-deviceon_serverRange<5.4

[
  {
    "defaultStatus": "unaffected",
    "product": "WISE-DeviceOn Server",
    "vendor": "Advantech Co., Ltd.",
    "versions": [
      {
        "lessThan": "5.4",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
advcloudfiles	www.advcloudfiles.advantech.com/cms/2ca1b071-fd78-4d7f-8a2a-7b4537a95d19/Security%20Advisory%20PDF%20File/SECURITY-ADVISORY----DeviceOn-20251208-2.pdf
docs	www.docs.deviceon.advantech.com/docs/resource/
vulncheck	www.vulncheck.com/advisories/advantech-wise-deviceon-server-authenticated-stored-xss-via-action-defined

Parameter	Position	Path	Description	CWE
defined_name	request body	/rmm/v1/action/defined	Stored cross-site scripting (XSS) in Advantech WISE-DeviceOn Server before 5.4 via /rmm/v1/action/defined when creating a task; defined_name is stored and rendered without HTML sanitization in the Overview page.	CWE-79

14 May 2026 02:08Current

5Medium risk

Vulners AI Score5

CVSS 3.15.4

CVSS 45.1

EPSS0.00024

SSVC

CWE-79