PatchSiren cyber security CVE debrief
CVE-2025-64130 Zenitel CVE debrief
CVE-2025-64130 affects Zenitel TCIV-3+ and is described by CISA as a reflected cross-site scripting issue that could allow a remote attacker to execute arbitrary JavaScript in the victim’s browser. The advisory assigns a CVSS 3.1 score of 9.8 (Critical) and Zenitel recommends upgrading to Version 9.3.3.0 or later.
- Vendor
- Zenitel
- Product
- TCIV-3+
- CVSS
- CRITICAL 9.8
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2025-11-25
- Original CVE updated
- 2025-11-25
- Advisory published
- 2025-11-25
- Advisory updated
- 2025-11-25
Who should care
Operators, administrators, and security teams responsible for Zenitel TCIV-3+ deployments should review this advisory, especially where the device or its management interface is used by multiple users or exposed to broader enterprise networks.
Technical summary
The supplied advisory identifies a reflected cross-site scripting vulnerability in Zenitel TCIV-3+. In practical terms, a maliciously crafted request can result in attacker-controlled JavaScript being executed in a victim’s browser, which can undermine browser trust and data handling for the affected session. The source assigns CVSS v3.1 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), and the published remediation is to upgrade to Version 9.3.3.0 or later.
Defensive priority
High. The advisory rates the issue Critical (CVSS 9.8), and the vendor-supplied mitigation is straightforward: upgrade to the fixed release or later. Until patched, treat the affected interface as a priority for exposure reduction and monitoring.
Recommended defensive actions
- Upgrade Zenitel TCIV-3+ to Version 9.3.3.0 or later, per the vendor advisory.
- Confirm which TCIV-3+ instances are in use and prioritize patching the most exposed or user-accessible deployments first.
- Review and apply CISA ICS recommended practices and defense-in-depth guidance for the affected environment.
- Restrict access to the affected interface to trusted administrative paths until remediation is complete.
- Validate that any compensating controls, logging, and monitoring are in place to detect suspicious browser or session activity related to the affected system.
Evidence notes
This debrief is based on the CISA CSAF advisory for ICSA-25-329-03 / CVE-2025-64130 and the linked official records. The source states the issue is a reflected cross-site scripting vulnerability that could allow remote execution of arbitrary JavaScript in a victim’s browser, and it provides a vendor remediation of upgrading to Version 9.3.3.0 or later. The supplied timeline shows initial publication on 2025-11-25 and no KEV entry in the provided enrichment data.
Official resources
-
CVE-2025-64130 CVE record
CVE.org
-
CVE-2025-64130 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
CISA published the advisory and CVE on 2025-11-25. The supplied enrichment data does not indicate a KEV listing, and the source revision history shows an initial publication only.