PatchSiren cyber security CVE debrief
CVE-2025-67448 Neterbit CVE debrief
CVE-2025-67448 is a HIGH severity vulnerability in the SMS module of the Neterbit NW-431F Router, with a CVSS score of 7.1. The vulnerability allows an attacker to send an SMS containing a malicious XSS payload, which will be executed in the context of the victim's browser when the message is viewed. This is due to the application not properly sanitizing user input in SMS messages before storing and displaying them.
- Vendor
- Neterbit
- Product
- NW-431F Router
- CVSS
- HIGH 7.1
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-04
- Original CVE updated
- 2026-06-04
- Advisory published
- 2026-06-04
- Advisory updated
- 2026-06-04
Who should care
Administrators and users of the Neterbit NW-431F Router, particularly those who have not updated to a version beyond 20241014-IR03, should be aware of this vulnerability and take necessary precautions.
Technical summary
The SMS module in Neterbit NW-431F Router 20241014-IR03 and before does not properly sanitize user input in SMS messages before storing and displaying them. This allows an attacker to send an SMS containing a malicious XSS payload, which will be executed in the context of the victim's browser when the message is viewed.
Defensive priority
HIGH
Recommended defensive actions
- Update to the latest version of the Neterbit NW-431F Router if available.
- Implement proper input sanitization for SMS messages.
- Monitor SMS messages for suspicious activity.
Evidence notes
The CVE record and NVD detail for CVE-2025-67448 indicate that the vulnerability is in the SMS module of the Neterbit NW-431F Router. [see resourceLinkAnnotations: cve-org, nvd]
Official resources
CVE-2025-67448 was published on 2026-06-04T18:16:27.853Z and modified on 2026-06-04T19:16:26.867Z.