CVE-2025-64130 — AI Deep Analysis Summary

🚨 **Essence**: A Reflected XSS flaw in Zenitel TCIV-3+ IP intercoms. 🚨 **Consequences**: Attackers inject malicious JS into the victim's browser.…

🛡️ **Root Cause**: CWE-79 (Improper Neutralization of Input During Web Page Generation). The device fails to sanitize user-supplied input before reflecting it back in the web interface. This allows script injection.…

📦 **Affected Product**: Zenitel TCIV-3+ IP Intercom Terminal. 🇳🇴 **Vendor**: Zenitel (Norway). 📅 **Published**: Nov 26, 2025. Any version of the TCIV-3+ firmware that hosts the vulnerable web interface is at risk.…

💻 **Attacker Actions**: Execute arbitrary JavaScript in the victim's browser. 🕵️ **Privileges**: No authentication required (PR:N). 📊 **Data Impact**: High (C:H, I:H, A:H).…

🔓 **Threshold**: LOW. 🚫 **Auth**: No privileges required (PR:N). 🖱️ **UI**: No user interaction needed (UI:N). 🌐 **Network**: Remote (AV:N). 📉 **Complexity**: Low (AC:L).…

🚫 **Public Exploit**: No PoC or wild exploitation detected yet (pocs: []). 📝 **References**: CISA Advisory ICSA-25-329-03 and Zenitel Wiki exist.…

🔍 **Self-Check**: Scan for Zenitel TCIV-3+ devices on your network. 🌐 **Test**: Look for reflected XSS in web interface parameters (URLs, forms).…

🛡️ **Official Fix**: Yes, patches are available. 📥 **Source**: Zenitel Downloads (Station and Device Firmware Package VS-IS). 📜 **Advisory**: Refer to CISA ICSA-25-329-03 for details.…

🚧 **No Patch Workaround**: If patching is delayed, restrict network access to the device's web interface. 🚫 **Isolate**: Place the device in a segmented VLAN.…

🔥 **Urgency**: HIGH. 📈 **CVSS**: 9.8 (Critical). 🚨 **Risk**: Unauthenticated remote code execution in browser context. 🏭 **Context**: ICS/OT device. ⚡ Immediate patching is recommended.…