XSS in Silabs.com Simplicity Device Manager
CVE-2025-11004
The Simplicity Device Manager Tool has a Reflected XSS (Cross-site-scripting) vulnerability in several API endpoints. The attacker needs to be on the same network to execute this attack. These APIs can affect confidentiality, integrity, an…
Vulnerability class: XSS (Cross-Site Scripting)
EPSS: 0.003 (17.0th percentile) — read the EPSS interpretation.
Affected products
- Silabs.com Simplicity Device Manager — versions 0
Weakness classification (CWE)
References
- product-security@silabs.com (vendor-advisory, permissions-required)