CVE-2025-40842 is a Cross-Site Scripting (XSS) vulnerability classified under CWE-79, found in Ericsson Indoor Connect 8855 devices prior to the 2025.Q3 release. The vulnerability stems from improper input neutralization during the generation of web pages served by the device's management interface. This flaw allows an attacker to inject malicious scripts that execute in the context of the victim's browser when interacting with the device's web interface. The CVSS 4.0 vector indicates a network attack vector (AV:N) with low attack complexity (AC:L), no privileges required (PR:L), but user interaction is necessary (UI:P). The vulnerability impacts confidentiality and integrity highly (VC:H, VI:H), with no impact on availability. Exploiting this vulnerability could enable attackers to steal sensitive information, manipulate device settings, or perform unauthorized actions via the victim's session. No patches or exploits are currently publicly available, but the high CVSS score reflects the serious nature of the risk. The vulnerability affects all versions prior to 2025.Q3, indicating that upgrading to the latest firmware will remediate the issue. The device is typically deployed in enterprise and carrier indoor cellular coverage environments, making it a critical component in network infrastructure.

The exploitation of CVE-2025-40842 can lead to unauthorized disclosure and modification of sensitive information managed through the Ericsson Indoor Connect 8855 web interface. This could compromise network management confidentiality and integrity, potentially allowing attackers to alter configurations or gain further footholds within enterprise or carrier networks. Since the device is used to enhance indoor cellular coverage, disruption or compromise could degrade service quality or expose internal network details. The requirement for user interaction (e.g., an administrator accessing the web interface) limits the attack scope but does not eliminate risk, especially in environments with many administrators or remote management. The vulnerability could be leveraged as a stepping stone for more advanced attacks, including lateral movement or persistent access. Organizations relying on these devices for critical communications infrastructure face risks to operational security and data privacy.

1. Upgrade Ericsson Indoor Connect 8855 devices to version 2025.Q3 or later as soon as the patch becomes available to eliminate the vulnerability. 2. Restrict access to the device’s management web interface using network segmentation, VPNs, or IP whitelisting to limit exposure to trusted administrators only. 3. Deploy Web Application Firewalls (WAFs) capable of detecting and blocking XSS payloads targeting the device’s interface. 4. Enforce strong authentication and session management policies to reduce the risk of session hijacking if XSS is exploited. 5. Educate administrators to avoid clicking on suspicious links or interacting with untrusted content while logged into the device’s interface. 6. Monitor device logs and network traffic for unusual activities indicative of attempted or successful exploitation. 7. Consider implementing Content Security Policy (CSP) headers if supported by the device to mitigate script injection impact. 8. Regularly audit and review device configurations and firmware versions to ensure compliance with security best practices.