Vulnerability Database

300,830

Total vulnerabilities in the database

CVE-2025-52358

A cross-site scripting vulnerability in Vivaldi United Group iCONTROL+ Server including Firmware version 4.7.8.0.eden Logic version 5.32 and below. This issue allows attackers to inject JavaScript payloads within the error or edit-menu-item parameters which are then executed in the victim's browser session.

Published: Jul 29, 2025
Updated: Aug 7, 2025
CVE: CVE-2025-52358
Exploit:

No technical information available.

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
vivaldigroup / icontrol+_server	5.32	5.32.x
vivaldigroup / vivaldi_domotica_icontrol_firmware	4.7.8.0.eden	4.7.8.0.eden.x

https://github.com/MatJosephs/CVEs/blob/main/CVE-2025-52358/README.md
https://vivaldigroup.it/en/

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo