CVE-2025-3840

Published Apr 21, 2025

Last updated 2 months ago

CVSS low 2.1

Overview

Description
An improper neutralization of input vulnerability was identified in the End of Life (EOL) OVA based connect installer component which is deployed for installation purposes in a customer network. This EOL component was deprecated in September 2023 with end of support extended till January 2024. An actor can manipulate the action parameter of the login form to inject malicious scripts which would lead to a XSS attack under certain conditions.
Source
bd8dbf88-98d9-42c6-be08-cf8e48a32093
NVD status
Awaiting Analysis

Risk scores

CVSS 4.0

Type
Secondary
Base score
2.1
Impact score
-
Exploitability score
-
Vector string
CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Severity
LOW

Weaknesses

bd8dbf88-98d9-42c6-be08-cf8e48a32093
CWE-79

Social media

Hype score
Not currently trending

  1. CVE-2025-3840 04/21/2025 10:15:15 AM BaseSeverity: LOW An improper neutralization of input vulnerability was identified in the End of Life (EOL) OVA based connect installer component which is deployed for installation purposes in a... https://t.co/eQ1PiFttZw

    @CVETracker

    21 Apr 2025

    7 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. 🚨 CVE-2025-3840 🟢 LOW (2.1) 🏢 Saviynt - OVA based Connect 🏗️ AlmaLinux-8.x_SC2.0-Client-2.0 🔗 https://t.co/fb290tytoB #CyberCron #VulnAlert #InfoSec https://t.co/uoVKbxJUEC

    @cybercronai

    21 Apr 2025

    19 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. New post from https://t.co/uXvPWJy6tj (CVE-2025-3840 | Saviynt OVA based Connect up to RHEL-8.x_SC2.0-Client-3.0 Login Form action cross site scripting) has been published on https://t.co/fMz5ZUmsWp

    @WolfgangSesin

    21 Apr 2025

    10 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. CVE-2025-3840 Cross-Site Scripting (XSS) Vulnerability in End of Life OVA Connect Installer https://t.co/XxQIINSJ9q

    @VulmonFeeds

    21 Apr 2025

    92 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  5. CVE-2025-3840 An improper neutralization of input vulnerability was identified in the End of Life (EOL) OVA based connect installer component which is deployed for installation purpo… https://t.co/7c6M8PReFc

    @CVEnew

    21 Apr 2025

    443 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

References

Sources include official advisories and independent security research.