Description
The Simplicity Device Manager Tool has a Reflected XSS (Cross-site-scripting) vulnerability in several API endpoints. The attacker needs to be on the same network to execute this attack. These APIs can affect confidentiality, integrity, and availability of the system that has Simplicity Device Manager tool running in the background.
References (1)
Core 1
Core References
Various Sources vendor-advisory
permissions-required
https://community.silabs.com/068Vm00000fjgJj
Scores
CVSS v4
7.5
EPSS
0.0026
EPSS Percentile
17.1%
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-79
Status
published
Products (1)
silabs.com/Simplicity Device Manager
< 0.99.35 - alpha
Published
Feb 10, 2026
Tracked Since
Feb 18, 2026