CVE-2025-9225
MEDIUMMiR Robots and MiR Fleet < 3.0.0 - Stored Cross-Site Scripting
Title source: llmDescription
Stored cross-site scripting (XSS) in the web interface of MiR software versions prior to 3.0.0 on MiR Robots and MiR Fleet allows execution of arbitrary JavaScript code in a victim’s browser
References (2)
Core 2
Core References
Various Sources vendor-advisory
https://mobile-industrial-robots.com/security-advisories/cross-site-scripting
Scores
CVSS v3
5.5
EPSS
0.0024
EPSS Percentile
15.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-79
Status
published
Products (2)
Mobile Industrial Robots/MiR Fleet
< 3.0.0
Mobile Industrial Robots/MiR Robots
< 3.0.0
Published
Aug 20, 2025
Tracked Since
Feb 18, 2026