CVE-2025-34262 is a stored cross-site scripting (XSS) vulnerability identified in Advantech Co., Ltd.'s WISE-DeviceOn Server, specifically affecting versions prior to 5.4. The vulnerability resides in the /rmm/v1/devices/name/{agent_id} REST API endpoint, which allows authenticated users to rename devices managed by the server. The issue arises because the new_name parameter is not properly sanitized before being stored and subsequently rendered in device listings or detail views. This improper neutralization of input (CWE-79) enables an attacker with authenticated access to inject malicious JavaScript code into device names. When other users view or interact with these device names in the web interface, the injected script executes in their browser context. This can lead to session hijacking, unauthorized actions performed on behalf of the victim, or other attacks leveraging the victim's privileges. The vulnerability requires the attacker to have at least some level of authenticated access to the system and relies on user interaction to trigger the malicious payload. The CVSS 4.0 vector (AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N) reflects network attack vector, low attack complexity, no attack prerequisites, partial privileges required, user interaction needed, and limited confidentiality and integrity impacts. No public exploits are currently known, and no patches have been linked yet, indicating the need for vigilance and proactive mitigation by affected organizations.

For European organizations, this vulnerability poses a risk primarily to the confidentiality and integrity of device management operations within networks using Advantech WISE-DeviceOn Server. Successful exploitation could allow attackers to hijack user sessions, escalate privileges, or perform unauthorized actions within the device management console. This could lead to disruption of industrial control systems or IoT device management, potentially affecting operational continuity and data integrity. Given the use of WISE-DeviceOn Server in industrial automation and IoT environments, the impact could extend to critical infrastructure sectors such as manufacturing, energy, and transportation. The requirement for authenticated access limits the attack surface but insider threats or compromised credentials could be leveraged. The medium severity rating suggests moderate risk, but the potential for lateral movement and further exploitation in industrial environments elevates the concern for European entities reliant on these systems.

European organizations should immediately verify their WISE-DeviceOn Server versions and plan upgrades to version 5.4 or later once available. In the absence of an official patch, implement strict input validation and output encoding on the device renaming functionality to neutralize malicious scripts. Limit user privileges to the minimum necessary, especially restricting who can rename devices. Employ web application firewalls (WAFs) with custom rules to detect and block suspicious payloads targeting the /rmm/v1/devices/name/{agent_id} endpoint. Monitor logs for unusual device renaming activities or repeated failed attempts to inject scripts. Educate users about the risks of interacting with untrusted device names and enforce multi-factor authentication to reduce the risk of credential compromise. Regularly audit device management interfaces and conduct penetration testing focused on XSS vulnerabilities. Finally, establish incident response procedures to quickly address any detected exploitation attempts.