CVE-2025-65228

LOW EPSS 7.8%

Published Dec 8, 20256mo ago · Modified Jun 17, 20261w ago

3.5 CVSS 3.1

Low

Published Dec 8, 2025 6mo ago

Last Modified Jun 17, 2026 1w ago

Description

A stored cross-site scripting vulnerability exists in the web management interface of the R.V.R. Elettronica TLK302T telemetry controller (firmware 1.5.1799).

CVSS Details

Base Score

3.5

Exploitability

0.9

Impact

2.5

Vector string

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N

Attack Vector Network

Attack Complexity Low

Privileges Required High

User Interaction Required

Scope Unchanged

Confidentiality Low

Integrity Low

Availability None

Threat Intelligence

EPSS Exploit Probability

7.8% percentile

Exploit & Patch Status

Public Exploit Known

No Patch Available

Weaknesses 1

CWE-79 Cross-site Scripting Injection

Affected Products 2

Vendor	Product	Version	Range
rvr	tlk302t_firmware	1.5.1799	any
rvr	tlk302t	*	any

References 2

github.com https://github.com/iyadalkhatib98/My_CVES/tree/main/CVE-2025-65228

ExploitThird Party Advisory
rvr.it https://www.rvr.it/en/products/components/telemetry-units-system/tlk300-series/tlk302t/

Product

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.