CVE-2025-27574: XSS
First published: Fri Mar 28 2025(Updated: )
Cross-site scripting vulnerability exists in the USB storage file-sharing function of HGW-BL1500HM Ver 002.002.003 and earlier. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who is using the configuration page or functions accessible only from the LAN side of the product.
Credit: vultures@jpcert.or.jp
| Affected Software | Affected Version | How to fix |
|---|---|---|
| HGW HGW-BL1500HM | <002.002.003 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2025-27574?
CVE-2025-27574 is classified as a cross-site scripting vulnerability, which can lead to unauthorized script execution in a user's web browser.
How do I fix CVE-2025-27574?
To mitigate CVE-2025-27574, users should update the HGW-BL1500HM device firmware to version 002.002.004 or later.
What systems are affected by CVE-2025-27574?
CVE-2025-27574 affects HGW-BL1500HM devices running firmware versions 002.002.003 and earlier.
What type of attack does CVE-2025-27574 enable?
CVE-2025-27574 enables cross-site scripting attacks that could allow an attacker to execute arbitrary scripts in the context of the user's web browser.
Is CVE-2025-27574 easy to exploit?
CVE-2025-27574 may be exploited easily if users access the vulnerable configuration page without protective measures.
- collector/mitre-cve
- source/MITRE
- collector/nvd-api
- source/NVD
- agent/references
- agent/type
- agent/description
- agent/first-publish-date
- agent/last-modified-date
- agent/weakness
- agent/severity
- agent/author
- agent/event
- agent/guess-ai
- agent/software-canonical-lookup
- agent/softwarecombine
- collector/epss-latest
- source/FIRST
- agent/source
- agent/tags
- agent/epss
- vendor/hgw
- canonical/hgw hgw-bl1500hm