关键漏洞信息 CVE ID: CVE-2025-14186 VDB ID: 334606 EUVD ID: EUVD-2025-201595 CVSS Meta Temp Score: 3.3 Current Exploit Price: $0-$5k CTI Interest Score: 4.54 漏洞概况 受影响产品: Grandstream GXP1625 1.0.7.4 漏洞类型: Cross Site Scripting (CWE-80) 组件: Network Status Page 文件: /cgi-bin/api.values.post 易受攻击参数: vpn_ip 影响: The manipulation of the argument vpn_ip can lead to cross site scripting. 远程执行: The attack can be executed remotely. 用户交互: Requires user interaction by the victim. 已知利用情况: An exploit exists. 厂商响应: The vendor was contacted but did not respond. 详细信息 相关CVE: CVE-2025-14186 上下文: The vulnerability affects an unknown function of the file /cgi-bin/api.values.post. 影响: Affects integrity. T1059.007: Assigned to the MITRE ATT&CK project. 更多信息: Available at drive.google.com.