CVE-2025-9590

LOW

Weaver E-Mobile Mobile Management Platform <20250813 - XSS

Title source: llm

Description

A vulnerability was identified in Weaver E-Mobile Mobile Management Platform up to 20250813. Affected by this vulnerability is an unknown functionality. The manipulation of the argument gohome leads to cross site scripting. The attack can be initiated remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.

References (5)

Core 5

Core References

Various Sources exploit

https://github.com/Lee0568/pocccc/blob/main/poc.md

View Writeup ZIP pw:eip

Various Sources exploit

https://github.com/Lee0568/pocccc/blob/main/poc.md#vulnerability-analysis

View Exploit ZIP pw:eip

Permissions Required, VDB Entry vdb-entry technical-description

https://vuldb.com/?id.321762

Permissions Required, VDB Entry signature permissions-required

https://vuldb.com/?ctiid.321762

Permissions Required, VDB Entry third-party-advisory

https://vuldb.com/?submit.636164

Scores

CVSS v3 3.5

EPSS 0.0005

EPSS Percentile 15.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-79 CWE-94

Status published

Products (1)

Weaver/E-Mobile Mobile Management Platform 20250813

Published Aug 28, 2025

Tracked Since Feb 18, 2026