Platform: other
Component: web-administration-interface
Fixed version: 4.0.1, 4.0.2
CVE-2025-15505 describes a cross-site scripting (XSS) vulnerability in the Web Administration Interface of Luxul XWR-600 devices. The affected input is the SSID parameter of the Guest Network/Wireless Profile page: a value containing HTML or JavaScript is stored and later rendered, unescaped, into pages viewed by whoever administers the router, which can lead to session hijacking or theft of configuration data. The vulnerability affects versions 4.0.0 through 4.0.1 and has been publicly disclosed together with a proof-of-concept. Luxul has not released a technical statement.
Successful exploitation of CVE-2025-15505 lets an attacker run arbitrary JavaScript in the context of an administrator's browser session on the XWR-600 web interface. From there the script can read the session cookie (unless it is HttpOnly), redirect the administrator to a malicious site, deface the interface, or, more seriously, issue the same configuration requests the logged-in administrator could: changing DNS servers, adding port forwards, or resetting credentials. Because the device is a network router, that amounts to control over the edge of the network and a foothold for attacks on internal resources. The public proof-of-concept lowers the skill needed to weaponize the flaw.
CVE-2025-15505 has been publicly disclosed and a proof-of-concept is available. The vulnerability is tracked in the NVD. Luxul's silence on a technical statement raises concerns about how quickly a patch will reach affected devices. Note that the EPSS score recorded on this page is 0.04% (11th percentile): EPSS estimates the probability of exploitation activity being observed in the next 30 days, not how easy exploitation is, so the low score does not contradict the existence of a working PoC. For an administration interface that untrusted users can reach, the PoC is the more relevant signal.
Organizations using Luxul XWR-600 routers are at risk wherever someone other than the administrator can influence the Guest Network/Wireless Profile SSID value, or where the administration interface is reachable from the guest network or from the WAN. Deployments in which many people share one router configuration (small offices, hospitality, managed residential networks) widen that group. Devices still on default passwords or outdated firmware are especially exposed, since an attacker who can log in can set the malicious SSID directly.
• windows / supply-chain: Not directly applicable; the vulnerable component is the router's embedded web interface, not a Windows host. The only host-side signal is an administrator's browser: proxy or browser-history records of requests to the XWR-600 admin pages whose parameters carry script tags are worth reviewing.
• linux / server: Not directly applicable for the same reason. If the router's interface sits behind a reverse proxy or the router exports logs to a syslog server, search those logs for requests to the Wireless Profile/Guest Network pages whose SSID parameter contains HTML metacharacters.
• generic web: With authorization, submit a benign marker (for example a string containing a quote and an angle bracket) as the Guest Network/Wireless Profile SSID with curl or the browser, then reload the page and check whether the marker comes back HTML-encoded or raw. Inspect access and error logs for the same pattern.
• database (mysql, redis, mongodb, postgresql): N/A. The SSID is stored in the router's configuration, not in a database you control.
• other: Monitor network traffic for unusual HTTP requests to the XWR-600 web interface, particularly requests that set the Guest Network/Wireless Profile SSID parameter to a value containing `<`, `>`, quotes, or their URL-encoded forms.
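The log-based checks above can be turned into a small filter. The following is an added example, not Luxul code or anything from the advisory: it parses combined-format access lines such as a reverse proxy or syslog collector in front of the router would record, picks out SSID-like parameters on the wireless pages, URL-decodes them twice to defeat the usual double-encoding trick, and flags values that contain markup characters. The path fragment `wireless` and the parameter names `ssid`, `guest_ssid` and `wl_ssid` are placeholders; take the real ones from a legitimate save request captured in the browser's network tab. The sample log lines are constructed for the demonstration.

```python
"""Flag requests to a router admin interface whose SSID parameter carries
HTML/JavaScript metacharacters, the trace a stored-XSS attempt against the
Guest Network/Wireless Profile SSID field would leave behind.

Added example; the endpoint path and parameter names are assumptions, not
values taken from the Luxul XWR-600 firmware.
"""
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Hypothetical: any path containing this fragment is treated as a wireless/guest page.
ADMIN_PATH_HINT = "wireless"
# Hypothetical parameter names for the SSID field.
SSID_PARAMS = {"ssid", "guest_ssid", "wl_ssid"}

# Characters a real network name does not need but an injected payload does:
# tag delimiters, quotes, handler syntax, entities, or still-encoded brackets.
# Coarse by design; tune it against your own legitimate SSIDs.
SUSPICIOUS = re.compile(r"""[<>"'`]|javascript:|on\w+\s*=|&#|%3c|%3e""", re.IGNORECASE)

# Combined log format prefix: ip ident user [timestamp] "METHOD target proto" status
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) \S+" (?P<status>\d{3})'
)


def ssid_values(target):
    """Return every SSID-like parameter value in the request target, decoded twice."""
    parts = urlsplit(target)
    if ADMIN_PATH_HINT not in parts.path.lower():
        return []
    qs = parse_qs(parts.query, keep_blank_values=True)  # first decode
    return [
        unquote(v)  # second decode catches %253C-style double encoding
        for key, vals in qs.items()
        if key.lower() in SSID_PARAMS
        for v in vals
    ]


def flag_suspicious(lines):
    """Return (client_ip, decoded_ssid) for each request whose SSID looks like markup."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        for value in ssid_values(m.group("target")):
            if SUSPICIOUS.search(value):
                hits.append((m.group("ip"), value))
    return hits


# Constructed sample lines (not real traffic): a benign save, a plain payload,
# a double-encoded payload, and a request to an unrelated page.
SAMPLE_LOG = [
    '192.168.1.50 - - [02/Jan/2025:10:00:01 +0000] "GET /cgi-bin/wireless.cgi?guest_ssid=Lobby-Guest&apply=1 HTTP/1.1" 200 512',
    '192.168.1.77 - - [02/Jan/2025:10:00:09 +0000] "GET /cgi-bin/wireless.cgi?guest_ssid=%3Cimg%20src%3Dx%20onerror%3Dalert(1)%3E HTTP/1.1" 200 512',
    '192.168.1.77 - - [02/Jan/2025:10:00:12 +0000] "GET /cgi-bin/wireless.cgi?guest_ssid=%253Cscript%253Ealert(document.cookie)%253C/script%253E HTTP/1.1" 200 512',
    '192.168.1.50 - - [02/Jan/2025:10:01:00 +0000] "GET /cgi-bin/status.cgi?ssid=%3Cb%3E HTTP/1.1" 200 128',
]

if __name__ == "__main__":
    for ip, value in flag_suspicious(SAMPLE_LOG):
        print(f"possible XSS probe from {ip}: SSID={value!r}")
```

Only GET query strings are inspected; if the router saves the profile with a POST, the proxy has to log request bodies (or you capture them with a packet tap) before the same filter can be applied to them.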
disclosure
Exploitation status
EPSS: 0.04% (11th percentile)
CISA SSVC
CVSS vector
Until a fixed firmware is running on the device, mitigation has to happen around it. Disable the Guest Network feature if it is not essential, and make sure only administrators can change wireless profiles. Restrict the Web Administration Interface to a management VLAN or a single trusted host, never to the guest network or the WAN, so that an attacker who plants a payload still has no administrator session to hijack. Administrators should log out after configuring the router and avoid browsing untrusted sites from the same browser profile while logged in. Where the interface is fronted by a reverse proxy or WAF, a rule that rejects SSID values containing markup characters blocks the known payload shape. Input validation and output encoding inside the interface are the vendor's fix, not something an operator can retrofit. Once a fixed release (the page lists 4.0.2) is available, upgrade promptly and verify the fix by saving a benign marker such as `test"><b>` as the Guest Network/Wireless Profile SSID and confirming the page renders it encoded rather than as markup.
Update the Luxul XWR-600 firmware to a version later than 4.0.1, if one is available. If no update is available, disable the Guest Network feature or avoid special characters in the Guest Network SSID; the latter only helps when nobody but the administrator can set that value.
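To make the fix and the verification step above concrete, here is an added example written in Python (the router's firmware is not Python and this is not Luxul's code): a minimal model of a wireless-profile page rendering a stored SSID. `render_vulnerable` reproduces the defect class the advisory describes, `render_hardened` adds attribute-context output encoding, `ssid_problem` is the save-time input check a real SSID can always satisfy (IEEE 802.11 allows 0 to 32 octets), and `verify_fix` is the post-upgrade test: store a marker containing a quote and a tag, then confirm it comes back inert. The template, field name and marker are illustrative assumptions.

```python
"""Stored XSS via an SSID field: vulnerable rendering, hardened rendering,
input validation, and a verification check. Added example, not firmware code.
"""
import html

# Hypothetical fragment of the Wireless Profile page; the saved SSID lands in
# an attribute value, so a single double-quote is enough to break out of it.
PAGE_TEMPLATE = '<form><label>Guest SSID <input name="guest_ssid" value="{value}"></label></form>'


def render_vulnerable(ssid):
    """Interpolates the stored SSID verbatim (the defect class in CVE-2025-15505)."""
    return PAGE_TEMPLATE.format(value=ssid)


def render_hardened(ssid):
    """Encodes for an HTML attribute context; quote=True also escapes \" and '."""
    return PAGE_TEMPLATE.format(value=html.escape(ssid, quote=True))


def ssid_problem(ssid):
    """Return None if the SSID is acceptable, otherwise a reason string.

    This narrows what gets stored; output encoding is the control that stops XSS.
    """
    raw = ssid.encode("utf-8")
    if not 0 < len(raw) <= 32:
        return "SSID must be 1-32 bytes"
    if any(ord(c) < 0x20 or c in '<>"\'&' for c in ssid):
        return "SSID contains control or markup characters"
    return None


def verify_fix(render, marker='xss"><b>cve-2025-15505</b>'):
    """True if the renderer neutralizes the marker: it must appear only encoded.

    Call this against the real device by saving `marker` as the SSID and
    passing the fetched page through the same two checks.
    """
    out = render(marker)
    return marker not in out and html.escape(marker, quote=True) in out


if __name__ == "__main__":
    probe = 'x"><b>hi</b>'
    print("vulnerable:", render_vulnerable(probe))
    print("hardened:  ", render_hardened(probe))
    print("fix verified (vulnerable renderer):", verify_fix(render_vulnerable))
    print("fix verified (hardened renderer):  ", verify_fix(render_hardened))
    print("validation of probe:", ssid_problem(probe))
```

The marker is deliberately one that `ssid_problem` rejects: the verification must exercise the renderer with a value validation would normally block, because an attacker who reaches the storage path by another route (an older save endpoint, a config import) bypasses the input check and only output encoding protects the page.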
CVE-2025-15505 is a cross-site scripting (XSS) vulnerability in the Web Administration Interface of Luxul XWR-600 routers, allowing attackers to inject malicious scripts.
You are affected if you are using a Luxul XWR-600 router running versions 4.0.0 through 4.0.1.
Upgrade to the fixed firmware listed above when Luxul makes it available. Until then, disable the Guest Network feature, keep the administration interface off the guest network and the WAN, and filter SSID values containing markup characters at any proxy or WAF in front of the device.
A public proof-of-concept exists, so exploitation requires little skill; the EPSS score recorded here (0.04%) nevertheless indicates low observed exploitation activity so far.
Check the Luxul website for security advisories, although a technical statement is currently unavailable.