CVE-2018-25131 Leica Geosystems GR10/GR25/GR30/GR50 GNSS 4.30.063 Stored XSS via Config Upload

🗓️ 24 Dec 2025 19:27:44Reported by VulnCheckType

Stored XSS in configuration upload on Leica Geosystems GNSS 4.30.063 allows arbitrary JavaScript execution.

Reporter	Title	Published	Views	Family All 7
CNNVD	Leica Geosystems GNSS 安全漏洞	24 Dec 202500:00	–	cnnvd
CVE	CVE-2018-25131	24 Dec 202519:27	–	cve
EUVD	EUVD-2025-205350	24 Dec 202521:30	–	euvd
NVD	CVE-2018-25131	24 Dec 202520:15	–	nvd
Positive Technologies	PT-2025-53352	24 Dec 202500:00	–	ptsecurity
Vulnrichment	CVE-2018-25131 Leica Geosystems GR10/GR25/GR30/GR50 GNSS 4.30.063 Stored XSS via Config Upload	24 Dec 202519:27	–	vulnrichment
Zero Science Lab	Leica Geosystems GR10/GR25/GR30/GR50 GNSS 4.30.063 JS/HTML Code Injection	5 Jan 201900:00	–	zeroscience

[
  {
    "vendor": "Leica Geosystems AG",
    "product": "GR10/GR25/GR30/GR50 GNSS",
    "versions": [
      {
        "version": "4.30.063",
        "status": "affected"
      },
      {
        "version": "4.20.232",
        "status": "affected"
      },
      {
        "version": "4.11.606",
        "status": "affected"
      },
      {
        "version": "3.22.1818",
        "status": "affected"
      },
      {
        "version": "3.10.1633",
        "status": "affected"
      },
      {
        "version": "2.62.782",
        "status": "affected"
      },
      {
        "version": "1.00.395",
        "status": "affected"
      }
    ]
  }
]

Source	Link
zeroscience	www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5503.php
leica-geosystems	www.leica-geosystems.com/
exploit-db	www.exploit-db.com/exploits/46091

24 Dec 2025 19:27Current

CVSS 45.1

CVSS 3.17.2

EPSS0.00025

CWE-79