CVE-2025-8765 is a medium-severity cross-site scripting (XSS) vulnerability affecting the Datacom DM955 5GT 1200 wireless device, specifically version 825.8010.00. The vulnerability resides in an unspecified functionality within the Wireless Basic Settings component, where the SSID parameter can be manipulated by an attacker to inject malicious scripts. This flaw allows remote attackers to execute arbitrary scripts in the context of the victim's browser without requiring authentication, although user interaction is necessary to trigger the exploit (e.g., visiting a crafted page or interface). The CVSS 4.0 vector indicates that the attack vector is network-based (AV:N), with low attack complexity (AC:L), no privileges required (PR:L, indicating low privileges but not none), and user interaction required (UI:P). The impact on confidentiality is none, integrity is low, and availability is none, suggesting the primary risk is client-side script execution leading to potential session hijacking, phishing, or other client-side attacks. No patches have been disclosed yet, and no known exploits are currently observed in the wild, but public disclosure of the exploit code increases the risk of exploitation. The vulnerability affects a networking device used for wireless connectivity, which may be deployed in enterprise and industrial environments. Given the nature of XSS, the threat primarily targets users accessing the device's web interface or management console, potentially enabling attackers to steal credentials or manipulate device settings indirectly.

For European organizations, this vulnerability poses a risk primarily to network administrators and users who access the Datacom DM955 5GT 1200 device's web interface. Successful exploitation could lead to session hijacking, credential theft, or execution of malicious scripts within the administrative context, potentially allowing attackers to pivot within the network or disrupt wireless configurations. Organizations relying on this device for critical wireless infrastructure could face operational disruptions or unauthorized access to network management interfaces. The medium severity and requirement for user interaction limit the scope somewhat, but the public availability of exploit details increases the urgency for mitigation. Industries with sensitive wireless deployments, such as manufacturing, healthcare, or government agencies in Europe, could be particularly impacted if these devices are in use. Additionally, the vulnerability could be leveraged in targeted phishing campaigns or combined with other exploits to escalate privileges or gain broader network access.

Organizations should immediately inventory their network infrastructure to identify any Datacom DM955 5GT 1200 devices running version 825.8010.00. Since no official patch is currently available, administrators should implement compensating controls such as restricting access to the device's management interface via network segmentation and firewall rules, limiting access to trusted IP addresses only. Enforce strong authentication mechanisms and monitor access logs for suspicious activity. Educate users and administrators about the risks of clicking on untrusted links or interacting with unknown SSIDs in the wireless settings interface. If possible, disable or restrict the Wireless Basic Settings web interface functionality until a patch is released. Regularly check for vendor updates or security advisories to apply patches promptly once available. Additionally, implement web application firewalls (WAF) or intrusion detection systems (IDS) that can detect and block XSS payloads targeting the device's management interface.