CVE-2025-65289 — MEDIUM (6.1)

Vulnerability Description

A stored Cross site scripting (XSS) vulnerability in the Mercury MR816v2 (081C3114 4.8.7 Build 110427 Rel 36550n) router allows a remote attacker on the LAN to inject JavaScript into the router's management UI by submitting a malicious hostname. The injected script is stored and later executed in the context of an administrator's browser (for example after DHCP release/renew triggers the interface to display the stored hostname). Because the management interface uses weak/basic authentication and does not properly protect or isolate session material, the XSS can be used to exfiltrate the admin session and perform administrative actions.

CVSS Score

6.1

MEDIUM

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality

LOW

Integrity

LOW

Availability

NONE

Affected Products

Vendor	Product	Versions
Mercurycom	Mr816 Firmware	081c3114_4.8.7
Mercurycom	Mr816	2.0

Related Weaknesses (CWE)

CWE-79

References

https://damiri.fr/en/cve/CVE-2025-65289ExploitThird Party Advisory

FAQ

What is CVE-2025-65289?

CVE-2025-65289 is a vulnerability with a CVSS score of 6.1 (MEDIUM). A stored Cross site scripting (XSS) vulnerability in the Mercury MR816v2 (081C3114 4.8.7 Build 110427 Rel 36550n) router allows a remote attacker on the LAN to inject JavaScript into the router's mana...

How severe is CVE-2025-65289?

CVE-2025-65289 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2025-65289?

Check the references section above for vendor advisories and patch information. Affected products include: Mercurycom Mr816 Firmware, Mercurycom Mr816.