CVE-2026-25073 is a stored cross-site scripting (XSS) vulnerability classified under CWE-79, affecting the XikeStor SKS8310-8X network switch firmware versions 1.04.B07 and prior, developed by Anhui Seeker Electronic Technology Co., LTD. The vulnerability stems from improper neutralization of input during web page generation, specifically in the System Name field. Authenticated attackers can inject arbitrary JavaScript code into this field, which is then stored persistently on the device. When other users or administrators access the interface displaying the System Name, the malicious script executes in their browsers due to insufficient output encoding. This can lead to unauthorized actions such as session hijacking, credential theft, or manipulation of the web interface. The vulnerability requires the attacker to have valid credentials (authenticated access) but does not require further user interaction beyond viewing the affected page. The CVSS 4.0 vector indicates network attack vector (AV:N), low attack complexity (AC:L), no privileges required (PR:L), user interaction required (UI:P), and low scope impact (SC:L). No known exploits are currently in the wild, and no official patches have been linked yet, indicating the need for proactive mitigation. The vulnerability highlights a common web security issue in embedded device management interfaces, emphasizing the importance of secure coding practices such as proper input validation and output encoding.

The primary impact of CVE-2026-25073 is the potential compromise of administrative sessions and credentials through the execution of malicious scripts in the browsers of network administrators or users viewing the System Name field. This can lead to unauthorized access to the network switch's management interface, allowing attackers to alter configurations, disrupt network operations, or pivot to other internal systems. Given that the vulnerability requires authenticated access, the risk is somewhat limited to insiders or attackers who have obtained valid credentials. However, the stored nature of the XSS means that any user with access to the interface could be affected once the malicious script is injected. This could facilitate lateral movement within an organization’s network and increase the attack surface. Organizations relying on the XikeStor SKS8310-8X for critical network infrastructure may face operational disruptions, data breaches, or further exploitation if this vulnerability is leveraged effectively. The absence of known exploits reduces immediate risk but does not eliminate the potential for future attacks.

Organizations should implement the following specific mitigations: 1) Restrict access to the network switch management interface to trusted administrators only, using strong authentication mechanisms and network segmentation. 2) Monitor and audit changes to the System Name and other input fields to detect suspicious or unauthorized modifications. 3) Apply strict input validation and output encoding controls on the device’s web interface to prevent injection of malicious scripts; if possible, request or develop firmware updates that address the vulnerability. 4) Employ web application firewalls (WAFs) or intrusion detection/prevention systems (IDS/IPS) that can detect and block XSS payloads targeting the management interface. 5) Educate administrators about the risks of XSS and encourage cautious behavior when interacting with device management consoles. 6) Regularly check for firmware updates or security advisories from Anhui Seeker Electronic Technology Co., LTD. and apply patches promptly once available. 7) Consider implementing multi-factor authentication (MFA) for device access to reduce the risk of credential compromise.