Medium severityNVD Advisory· Published Sep 17, 2025· Updated Apr 15, 2026

CVE-2025-8153

Description

Cross-site Scripting vulnerability in NEC Corporation UNIVERGE IX from Ver.9.5 to Ver.10.7, from Ver.10.8.21 to Ver.10.8.36, from Ver.10.9.11 to Ver.10.9.24, from Ver.10.10.21 to Ver.10.10.31, Ver.10.11.6 and UNIVERGE IX-R/IX-V Ver1.3.16, Ver1.3.21 allows a attacker to inject an arbitrary scripts may be executed on the user's browser.

Affected products

NEC/UNIVERGE IX-Rllm-create
Range: =1.3.16, =1.3.21
NEC/Univergellm-fuzzy
Range: >=9.5 <=10.7, >=10.8.21 <=10.8.36, >=10.9.11 <=10.9.24, >=10.10.21 <=10.10.31, =10.11.6

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

jpn.nec.com/security-info/secinfo/nv25-005_en.htmlnvd

News mentions

No linked articles in our index yet.

cvss	0.260
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000