CVE-2026-25073 identifies a stored cross-site scripting (XSS) vulnerability in the firmware of the XikeStor SKS8310-8X network switch produced by Anhui Seeker Electronic Technology Co., LTD. The vulnerability exists in firmware versions 1.04.B07 and earlier. It arises from improper neutralization of input during web page generation, specifically in the System Name field of the device’s management interface. Authenticated attackers can inject arbitrary JavaScript code into this field, which is then stored persistently on the device. When other users or administrators view the System Name field in the web interface, the malicious script executes in their browsers. This can lead to theft of session tokens, redirection to malicious sites, or execution of unauthorized commands within the context of the victim’s session. The vulnerability requires the attacker to have at least some level of authentication to the device’s management interface but does not require user interaction beyond viewing the affected page. The CVSS 4.0 vector indicates network attack vector, low attack complexity, no privileges required beyond authentication, and no user interaction needed for exploitation. The scope is limited to the device’s management interface, and the impact is primarily on confidentiality and integrity of the user sessions. No known exploits have been reported in the wild, and no official patches have been linked yet, indicating a need for proactive mitigation. The vulnerability is classified under CWE-79, a common and well-understood category of web application security flaws.

The primary impact of this vulnerability is on the confidentiality and integrity of administrative sessions accessing the XikeStor SKS8310-8X management interface. Successful exploitation allows attackers to execute arbitrary scripts in the context of the victim’s browser, potentially leading to session hijacking, credential theft, or unauthorized configuration changes. This could compromise the network switch’s security posture, enabling further lateral movement within the network or disruption of network operations. Since the device is a network switch, exploitation could affect network availability indirectly by enabling attackers to alter configurations or disable network segments. The requirement for authentication limits the attack surface to users with some level of access, but insider threats or compromised credentials could facilitate exploitation. Organizations relying on these switches for critical infrastructure or sensitive environments face increased risk of targeted attacks aiming to disrupt or surveil network traffic. The lack of patches and known exploits suggests the vulnerability is currently under the radar but could become a vector for attacks if weaponized.

1. Restrict access to the management interface of the XikeStor SKS8310-8X switches to trusted networks and users only, using network segmentation and firewall rules. 2. Enforce strong authentication mechanisms and regularly audit user accounts to minimize the risk of credential compromise. 3. Implement strict input validation and output encoding on the System Name field and other user-controllable fields in the device’s web interface; if possible, apply firmware updates or vendor patches once available. 4. Monitor logs and network traffic for unusual activity indicative of attempted or successful exploitation, including unexpected script execution or configuration changes. 5. Educate administrators to avoid clicking on suspicious links or viewing untrusted device management pages without proper security controls. 6. Consider deploying web application firewalls (WAFs) or reverse proxies that can detect and block XSS payloads targeting the management interface. 7. If firmware updates are unavailable, consider isolating affected devices or replacing them with more secure alternatives to reduce exposure. 8. Regularly back up device configurations to enable recovery in case of compromise.