CVE-2025-8386
MEDIUM
6.9
Our Analysis: General-Purpose
Our model has classified this vulnerability as relevant to General-Purpose Systems, helping your team prioritize efforts effectively.
Published Date
November 15, 2025
Last Modified
November 18, 2025
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:L
Description
The vulnerability, if exploited, could allow an authenticated miscreant
(with privilege of "aaConfigTools") to tamper with App Objects' help
files and persist a cross-site scripting (XSS) injection that when
executed by a victim user, can result in horizontal or vertical
escalation of privileges. The vulnerability can only be exploited during
config-time operations within the IDE component of Application Server.
Run-time components and operations are not affected.