CRITICAL
Leviton
CVE published 2025-07-17
CVE-2025-6185
CVE-2025-6185 is a publicly disclosed cross-site scripting issue affecting Leviton AcquiSuite (A8810) and Leviton Energy Monitoring Hub (A8812). According to the CISA advisory published on 2025-07-17, an attacker can place a malicious payload in URL parameters that may execute in a user’s browser, enabling session token theft and control of the service. The advisory rates the issue CVSS 9.3 (Critical).