VYPR
Medium severity · NVD Advisory · Published Mar 31, 2025 · Updated Apr 15, 2026

CVE-2025-2072

Description

A Reflected Cross-Site Scripting (XSS) vulnerability has been discovered in FAST LTA Silent Brick WebUI, allowing attackers to inject malicious JavaScript code into web pages viewed by users. This issue arises when user-supplied input is improperly handled and reflected directly in the output of a web page without proper sanitization or encoding. Exploiting this vulnerability, an attacker can execute arbitrary JavaScript in the context of the victim's browser, potentially leading to session hijacking, data theft, and other malicious actions. Affected WebUI parameters are "h", "hd", "p", "pi", "s", "t", "x", "y".

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Reflected XSS in FAST LTA Silent Brick WebUI allows attackers to inject arbitrary JavaScript via multiple parameters, leading to session hijacking or data theft.

A Reflected Cross-Site Scripting (XSS) vulnerability exists in the FAST LTA Silent Brick WebUI, where user-supplied input is improperly handled and reflected directly in the output without sanitization or encoding. The affected parameters are 'h', 'hd', 'p', 'pi', 's', 't', 'x', and 'y', allowing injection of malicious JavaScript.

An attacker can exploit this by crafting a URL containing a malicious script in one of the vulnerable parameters and tricking a victim into clicking it. Since the input is reflected immediately, the script executes in the victim's browser context without requiring authentication or additional privileges.

Successful exploitation enables the attacker to perform arbitrary actions in the victim's session, such as stealing cookies, session tokens, or other sensitive data, potentially leading to account takeover or data theft. The impact is mitigated by the need for user interaction (clicking a crafted link).

FAST LTA has released software version 2.63, which includes security updates addressing this vulnerability [1]. Users are advised to update their Silent Brick systems to this version to protect against exploitation.

AI Insight generated on May 20, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
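
For systems not yet confirmed to be on the fixed version, one way to triage web server or proxy access logs is to flag requests that carry markup characters in the affected parameters. This is an added example, not code from FAST LTA or the advisory; the combined log format, the `/view` path and the sample log lines are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Parameter names listed in the CVE-2025-2072 description.
AFFECTED_PARAMS = {"h", "hd", "p", "pi", "s", "t", "x", "y"}

# Characters that let a reflected value break out of HTML text or an attribute.
MARKUP_CHARS = re.compile(r"[<>\"'`]")

# Request line inside a combined-format access log entry (assumed log format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')


def suspicious_params(url):
    """Return sorted (name, decoded_value) pairs for affected params carrying markup."""
    hits = []
    for name, value in parse_qsl(urlsplit(url).query, keep_blank_values=True):
        # parse_qsl decodes once; decode again to catch double-encoded input.
        decoded = unquote(value)
        if name in AFFECTED_PARAMS and MARKUP_CHARS.search(decoded):
            hits.append((name, decoded))
    return sorted(hits)


def scan_log(lines):
    """Yield (line_number, hits) for log lines whose request URL needs review."""
    for number, line in enumerate(lines, start=1):
        match = REQUEST_RE.search(line)
        if match:
            hits = suspicious_params(match.group(1))
            if hits:
                yield number, hits


# Constructed sample lines; the /view path is hypothetical.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Apr/2025:10:00:00 +0000] "GET /view?x=120&y=80 HTTP/1.1" 200 512',
    '192.0.2.11 - - [01/Apr/2025:10:00:05 +0000] "GET /view?t=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 640',
    '192.0.2.12 - - [01/Apr/2025:10:00:09 +0000] "GET /view?q=%3Cb%3E&s=ok HTTP/1.1" 200 300',
    '192.0.2.13 - - [01/Apr/2025:10:00:12 +0000] "GET /view?hd=%2522%253E HTTP/1.1" 200 300',
]

if __name__ == "__main__":
    for number, hits in scan_log(SAMPLE_LOG):
        print(f"line {number}: {hits}")
```

This is a triage heuristic: a legitimate value containing a quote character will also be flagged, and a hit only shows that a request was made, not that a browser executed anything.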


References

1
