StorageGRID XSS Reflected Vulnerability (before 11.9.0.8): CVE-2025-26514 September 2025

CVE-2025-26514 Reflected Cross-Site Scripting Vulnerability in StorageGRID (formerly StorageGRID Webscale)
StorageGRID (formerly StorageGRID Webscale) versions prior to 11.8.0.15 and 11.9.0.8 are susceptible to a Reflected Cross-Site Scripting vulnerability. Successful exploit could allow an attacker to view or modify configuration settings or add or modify user accounts but requires the attacker to know specific information about the target instance and then trick a privileged user into clicking a specially crafted link.

Vulnerability Analysis

CVE-2025-26514 is exploitable with network access, requires user interaction. This vulnerability is consided to have a high level of attack complexity. The potential impact of an exploit of this vulnerability is considered to have a small impact on confidentiality, a high impact on integrity, and a small impact on availability.

Attack Vector:

NETWORK

Attack Complexity:

HIGH

Privileges Required:

NONE

User Interaction:

REQUIRED

Scope:

UNCHANGED

Confidentiality Impact:

LOW

Integrity Impact:

HIGH

Availability Impact:

LOW

Weakness Type

What is a XSS Vulnerability?

The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

CVE-2025-26514 has been classified to as a XSS vulnerability or weakness.

Products Associated with CVE-2025-26514

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2025-26514 are published in NetApp Storagegrid:

NetApp Storagegrid

Affected Versions

Exploit Probability

EPSS

0.03%

Percentile

6.89%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.