CVE-2025-68915 is a Cross-site Scripting (XSS) vulnerability identified in the Riello NetMan 208 Application, specifically in versions prior to 1.12. The vulnerability arises from improper neutralization of input during web page generation in the cgi-bin/loginbanner_w.cgi script, which is responsible for displaying login banners. An attacker with high privileges and network access can craft a malicious banner containing executable scripts that are not properly sanitized before rendering in the web interface. This leads to reflected or stored XSS, allowing the attacker to execute arbitrary JavaScript in the context of the victim’s browser session. The CVSS 3.1 base score is 5.5 (medium), with the vector indicating network attack vector (AV:N), low attack complexity (AC:L), requiring high privileges (PR:H), no user interaction (UI:N), and a scope change (S:C). The impact affects confidentiality and integrity to a limited extent but does not affect availability. Although no public exploits are currently known, the vulnerability could be leveraged for session hijacking, unauthorized command execution within the management interface, or to facilitate further attacks on the network. The lack of an available patch means organizations must rely on compensating controls until an update is released. The vulnerability is significant for environments where Riello NetMan 208 is used to manage UPS devices, especially in critical infrastructure and industrial settings.

For European organizations, this vulnerability poses a risk primarily to the confidentiality and integrity of management sessions controlling UPS devices. Successful exploitation could allow attackers to execute malicious scripts that hijack administrative sessions or manipulate the management interface, potentially leading to unauthorized configuration changes or disruption of UPS monitoring. This could indirectly affect power management and availability of critical systems relying on uninterrupted power supplies. Given the requirement for high privileges, the threat is more relevant in scenarios where internal threat actors or attackers have already gained elevated access. The vulnerability could be exploited to move laterally within networks or to escalate privileges further. Organizations in sectors such as manufacturing, energy, healthcare, and data centers that depend on Riello UPS systems for power continuity are particularly at risk. The absence of known exploits reduces immediate risk but does not eliminate the potential for future attacks once exploit code becomes available.

1. Monitor Riello’s official channels closely for patches or updates addressing this vulnerability and apply them promptly once available. 2. Implement strict input validation and output encoding on any web interfaces or proxies that interact with the NetMan 208 device to prevent injection of malicious scripts. 3. Restrict network access to the NetMan management interface to trusted administrators only, using network segmentation, firewalls, and VPNs to limit exposure. 4. Enforce strong authentication and role-based access controls to minimize the number of users with high privileges required for exploitation. 5. Conduct regular security audits and penetration testing focusing on web interface vulnerabilities. 6. Employ web application firewalls (WAFs) with rules to detect and block XSS payloads targeting the loginbanner_w.cgi endpoint. 7. Educate administrators about phishing and social engineering risks that could lead to privilege escalation enabling exploitation. 8. Log and monitor access to the NetMan interface for unusual activity that could indicate attempted exploitation.