CVE-2025-26514 Reflected Cross-Site Scripting Vulnerability in StorageGRID (formerly StorageGRID Webscale)

6.4 / 10

MEDIUM

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:L

Description

StorageGRID (formerly
StorageGRID Webscale) versions prior to 11.8.0.15 and 11.9.0.8 are
susceptible to a Reflected Cross-Site Scripting vulnerability.
Successful exploit could allow an attacker to view or modify
configuration settings or add or modify user accounts but requires the
attacker to know specific information about the target instance and then
trick a privileged user into clicking a specially crafted link.

Basic Information

ID CVE-2025-26514

Source netapp

Published Sep 19, 2025 at 18:31

Modified Sep 19, 2025 at 18:49

Affected Product

Vendor NetApp

Product StorageGRID

Affected Versions NetApp StorageGRID 0
NetApp StorageGRID 0

CWE Classification

CWE-79

References

security.netapp.com /advisory/NTAP-20250910-0001

{
    "lastseen": "",
    "description": "StorageGRID (formerly \nStorageGRID Webscale) versions prior to 11.8.0.15 and 11.9.0.8 are \nsusceptible to a Reflected Cross-Site Scripting vulnerability. \nSuccessful exploit could allow an attacker to view or modify \nconfiguration settings or add or modify user accounts but requires the \nattacker to know specific information about the target instance and then\n trick a privileged user into clicking a specially crafted link.",
    "published": "2025-09-19T18:31:54.948Z",
    "modified": "2025-09-19T18:49:58.274Z",
    "type": "cve",
    "title": "CVE-2025-26514 Reflected Cross-Site Scripting Vulnerability in StorageGRID (formerly StorageGRID Webscale)",
    "source": "netapp",
    "references": "https://security.netapp.com/advisory/NTAP-20250910-0001",
    "id": "CVE-2025-26514",
    "bulletinFamily": "",
    "cwe": [
        "CWE-79"
    ],
    "cvelist": null,
    "sourceData": "NetApp StorageGRID 0\nNetApp StorageGRID 0",
    "sourceHref": "",
    "cvss": {
        "score": 6.4,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:L",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "StorageGRID",
    "version": "0",
    "vendor": "NetApp",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

CVE-2025-26514 Reflected Cross-Site Scripting Vulnerability in StorageGRID (formerly StorageGRID Webscale)_CVE-2025-26514