CVE-2025-8765 is a medium-severity cross-site scripting (XSS) vulnerability affecting the Datacom DM955 5GT 1200 wireless device, specifically version 825.8010.00. The vulnerability resides in the Wireless Basic Settings component, where improper validation or sanitization of the SSID argument allows an attacker to inject malicious scripts. This flaw can be exploited remotely without requiring authentication, although user interaction is necessary to trigger the malicious payload. The vulnerability has been publicly disclosed, increasing the risk of exploitation, but no known exploits have been observed in the wild yet. The CVSS 4.0 base score is 5.1, reflecting the moderate impact and ease of exploitation. The attack vector is network-based (AV:N), with low attack complexity (AC:L), no privileges required (PR:L indicates low privileges, but the vector states no privileges needed), and user interaction required (UI:P). The vulnerability impacts confidentiality minimally, with limited integrity and availability impact, as the main risk is executing arbitrary scripts in the context of the device's web interface, potentially leading to session hijacking, phishing, or further attacks on the internal network. The scope is unchanged, meaning the vulnerability affects only the vulnerable component without extending to other system components. Since the device is a wireless network product, exploitation could allow attackers to manipulate device settings or intercept network traffic indirectly by compromising the management interface.

For European organizations, especially those relying on Datacom DM955 5GT 1200 devices for wireless connectivity, this vulnerability poses a risk of unauthorized access to device management interfaces via XSS attacks. Successful exploitation could lead to session hijacking of administrators, unauthorized changes to wireless settings, or the injection of malicious scripts that could spread to connected clients. This could degrade network security, lead to data leakage, or enable lateral movement within corporate networks. Organizations in sectors with high wireless infrastructure reliance, such as telecommunications, manufacturing, and public services, may face operational disruptions or data confidentiality breaches. Given the remote exploitability and public disclosure, attackers could target European entities with these devices to gain footholds or disrupt wireless services. However, the medium severity and requirement for user interaction limit the immediacy of the threat, but it remains a concern for environments with less stringent network segmentation or where administrators access device interfaces from untrusted networks.

To mitigate this vulnerability, European organizations should: 1) Immediately verify if their wireless infrastructure includes Datacom DM955 5GT 1200 devices running version 825.8010.00 and prioritize their assessment. 2) Apply any available patches or firmware updates from Datacom as soon as they are released; if no patches are currently available, contact the vendor for guidance or workarounds. 3) Restrict access to the device management interface by implementing network segmentation and firewall rules to limit management traffic to trusted administrative networks only. 4) Enforce strong authentication and session management controls on the device to reduce the risk of session hijacking. 5) Educate administrators about the risk of XSS and the importance of avoiding clicking on suspicious links or executing untrusted scripts when managing devices. 6) Monitor network traffic and device logs for unusual activity that could indicate exploitation attempts. 7) Consider deploying web application firewalls (WAFs) or intrusion prevention systems (IPS) capable of detecting and blocking XSS payloads targeting device management interfaces. These measures go beyond generic advice by focusing on access control, monitoring, and administrator awareness tailored to this specific device and vulnerability.