CVE-2025-45585 is a medium-severity stored cross-site scripting (XSS) vulnerability affecting the Audi UTR 2.0 Universal Traffic Recorder 2.0. The vulnerability arises from improper sanitization of user-supplied input in the wifi_sta_ssid and wifi_ap_ssid parameters. An attacker with limited privileges (PR:L) and requiring user interaction (UI:R) can inject crafted malicious scripts or HTML payloads into these parameters. When these payloads are subsequently rendered by the web interface of the device, they execute in the context of the victim's browser session. This can lead to the theft of sensitive information such as session cookies, manipulation of the web interface, or redirection to malicious sites. The vulnerability has a CVSS v3.1 base score of 5.4, reflecting a medium impact with network attack vector (AV:N), low attack complexity (AC:L), and partial confidentiality and integrity impact (C:L/I:L), but no impact on availability (A:N). The vulnerability scope is changed (S:C), indicating that exploitation affects resources beyond the vulnerable component. No known exploits are reported in the wild, and no patches are currently linked, suggesting that remediation may still be pending. The vulnerability is categorized under CWE-79, which is the standard classification for cross-site scripting issues. The affected product, Audi UTR 2.0, is a specialized device used for traffic recording and monitoring, likely deployed in transportation infrastructure or automotive testing environments.

For European organizations, especially those involved in transportation infrastructure, automotive testing, or smart city deployments, this vulnerability could lead to unauthorized access to device management interfaces or leakage of sensitive operational data. Exploitation could allow attackers to hijack administrative sessions, manipulate device configurations, or conduct further attacks within the internal network. Given the device’s role in traffic recording, compromised data integrity could affect traffic analysis and decision-making processes. While the vulnerability does not directly impact availability, the confidentiality and integrity risks could undermine trust in traffic monitoring systems. Additionally, if these devices are integrated into broader IoT or critical infrastructure networks, the attack surface and potential cascading effects increase. European organizations with deployments of Audi UTR 2.0 should be aware of the risk of targeted attacks, especially in countries with advanced transportation networks or automotive industries.

Organizations should immediately audit their deployments of Audi UTR 2.0 devices to identify affected units. Since no official patches are currently linked, interim mitigations include restricting access to the device’s web interface to trusted networks and users only, implementing network segmentation to isolate these devices from critical systems, and enforcing strict authentication and authorization controls. Monitoring web interface logs for unusual input patterns or repeated attempts to inject scripts can help detect exploitation attempts. Additionally, educating users to avoid interacting with suspicious links or payloads related to these devices can reduce the risk posed by required user interaction. Organizations should engage with the vendor or manufacturer to obtain timely patches or firmware updates addressing this vulnerability. Applying web application firewalls (WAFs) or intrusion prevention systems (IPS) with rules targeting XSS payloads on traffic to these devices can provide an additional layer of defense.