Unrated severityNVD Advisory· Published Jan 22, 2026· Updated Jan 22, 2026

HTML Injection Leading to Script Execution in Altium Enterprise Server

CVE-2025-27380

Description

HTML injection in Project Release in Altium Enterprise Server (AES) 7.0.3 on all platforms allows an authenticated attacker to execute arbitrary JavaScript in the victim’s browser via crafted HTML content.

Affected products

Netscape/Enterprise Serverllm-fuzzy
Range: = 7.0.3
Altium/AESv5
Range: 7.0.3

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.altium.com/platform/security-compliance/security-advisoriesmitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000