CVE-2025-65228

LOW

R.V.R. Elettronica TLK302T Firmware 1.5.1799 - Stored Cross-Site Scripting

Title source: llm

Description

A stored cross-site scripting vulnerability exists in the web management interface of the R.V.R. Elettronica TLK302T telemetry controller (firmware 1.5.1799).

References (2)

Core 2

Core References

Exploit, Third Party Advisory

https://github.com/iyadalkhatib98/My_CVES/tree/main/CVE-2025-65228

View Exploit ZIP pw:eip

Product

https://www.rvr.it/en/products/components/telemetry-units-system/tlk300-series/tlk302t/

Scores

CVSS v3 3.5

EPSS 0.0018

EPSS Percentile 7.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-79

Status published

Products (1)

rvr/tlk302t_firmware 1.5.1799

Published Dec 08, 2025

Tracked Since Feb 18, 2026