CVE-2025-57444
Description
An authenticated cross-site scripting (XSS) vulnerability in the Administrative interface of Radware AlteonOS Web UI Management v33.0.4.50 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Description parameter.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Stored XSS in Radware AlteonOS Web UI Management allows authenticated attackers with AppShape++ Script privileges to execute arbitrary JavaScript via the Description parameter.
CVE-2025-57444 is a stored cross-site scripting (XSS) vulnerability in the Administrative interface of Radware AlteonOS Web UI Management version 33.0.4.50. The root cause is a lack of input validation on the Description parameter within the AppShape++ Script panel, allowing attackers to inject arbitrary web scripts or HTML [1].
To exploit this vulnerability, an attacker must have an authenticated account with privileges to create or edit AppShape++ Scripts. When a crafted payload, such as ``, is injected into the Description field, the malicious script is stored and then executed when the panel is viewed [1].
The impact is arbitrary JavaScript execution in the context of the administrative interface. This could lead to session hijacking, defacement, or further compromise of the management console, depending on the application's security configuration [1].
As of the advisory, no official patch has been released. Administrators are advised to restrict access to the Web UI to trusted users and apply the principle of least privilege to mitigate the risk [1].
AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Range: =33.0.4.50
Patches
No patches discovered yet.
References