Vulnerability Description
An improper neutralization of input vulnerability was identified in the End of Life (EOL) OVA based connect installer component which is deployed for installation purposes in a customer network. This EOL component was deprecated in September 2023 with end of support extended till January 2024. An actor can manipulate the action parameter of the login form to inject malicious scripts which would lead to a XSS attack under certain conditions.
Related Weaknesses (CWE)
References
FAQ
What is CVE-2025-3840?
CVE-2025-3840 is a documented vulnerability. An improper neutralization of input vulnerability was identified in the End of Life (EOL) OVA based connect installer component which is deployed for installation purposes in a customer network. This ...
How severe is CVE-2025-3840?
CVSS scoring is not yet available for CVE-2025-3840. Check NVD for updates.
Is there a patch for CVE-2025-3840?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.