CVE-2025-11004

Vulnerability Description

The Simplicity Device Manager Tool has a Reflected XSS (Cross-site-scripting) vulnerability in several API endpoints. The attacker needs to be on the same network to execute this attack. These APIs can affect confidentiality, integrity, and availability of the system that has Simplicity Device Manager tool running in the background.

Related Weaknesses (CWE)

CWE-79

References

https://community.silabs.com/068Vm00000fjgJj

FAQ

What is CVE-2025-11004?

CVE-2025-11004 is a documented vulnerability. The Simplicity Device Manager Tool has a Reflected XSS (Cross-site-scripting) vulnerability in several API endpoints. The attacker needs to be on the same network to execute this attack. These APIs ca...

How severe is CVE-2025-11004?

CVSS scoring is not yet available for CVE-2025-11004. Check NVD for updates.

Is there a patch for CVE-2025-11004?

Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.