CVE-2025-65228 identifies a stored cross-site scripting (XSS) vulnerability in the web management interface of the R.V.R. Elettronica TLK302T telemetry controller, specifically firmware version 1.5.1799. Stored XSS vulnerabilities occur when malicious input is saved by the application and later rendered in users' browsers without proper sanitization or encoding. In this case, an attacker can inject malicious JavaScript code into the telemetry controller's web interface, which is then executed in the context of any user accessing the interface. This can lead to session hijacking, theft of credentials, unauthorized configuration changes, or pivoting to other network segments. The TLK302T device is used for telemetry data collection and control in industrial environments, making it a critical component in infrastructure monitoring and automation. The vulnerability requires the attacker to have access to the device's web interface, which may be exposed internally or externally depending on network configuration. No CVSS score or patch information is currently available, and no known exploits have been reported in the wild. The lack of a patch increases the urgency for organizations to implement compensating controls. The vulnerability was reserved on November 18, 2025, and published on December 8, 2025, indicating recent discovery. Given the device's role in telemetry and control, exploitation could impact operational integrity and availability of monitored systems.

For European organizations, especially those in industrial sectors such as manufacturing, energy, utilities, and critical infrastructure, this vulnerability poses a significant risk. Telemetry controllers like the TLK302T are integral to monitoring and controlling physical processes; compromise could lead to unauthorized manipulation of telemetry data or device configurations, potentially disrupting operations or causing safety hazards. The stored XSS could allow attackers to hijack sessions of legitimate administrators, leading to further compromise of the device or network. In environments where the web interface is accessible from less trusted networks, the risk of exploitation increases. Additionally, the persistence of the injected scripts means that multiple users could be affected over time, amplifying the impact. The absence of a patch means organizations must rely on network segmentation and access controls to mitigate risk. Disruption or manipulation of telemetry data could have cascading effects on industrial processes, regulatory compliance, and safety, making this vulnerability particularly impactful in European countries with advanced industrial sectors.

1. Immediately restrict access to the TLK302T web management interface by implementing strict network segmentation and firewall rules to limit access to trusted administrative networks only. 2. Employ VPNs or secure tunnels for remote access to the device to prevent exposure of the web interface to untrusted networks. 3. Monitor and audit access logs to detect any unusual or unauthorized access attempts to the telemetry controller. 4. Implement web application firewalls (WAF) or intrusion detection/prevention systems (IDS/IPS) that can detect and block XSS payloads targeting the device. 5. Validate and sanitize all user inputs on the device interface if possible, or request the vendor to provide firmware updates addressing the vulnerability. 6. Maintain an inventory of all deployed TLK302T devices and assess their exposure to external networks. 7. Prepare for rapid deployment of patches or firmware updates once released by the vendor by establishing vendor communication channels and update procedures. 8. Educate administrators on the risks of XSS and safe management practices for telemetry devices. 9. Consider isolating telemetry controllers on dedicated management VLANs to reduce attack surface. 10. Regularly back up device configurations to enable quick recovery in case of compromise.