CNNVD-202510-1955 Information

CNNVD ID

CNNVD-202510-1955

Related CVE

CVE-2025-62172

• CNNVD Published: 2025-10-14

Description (Chinese)

Home Assistant是Home Assistant开源的一套开源的家庭自动化管理系统。该系统主要用于控制家庭自动化设备。 Home Assistant 2025.1.0版本至2025.10.1版本存在安全漏洞，该漏洞源于能量仪表板中实体名称未正确清理，可能导致存储型跨站脚本攻击。

Description (English)

Home Assistant is the home Assistant open source home automation management system. The system is primarily used to control household automation equipment. Home Assistant version 2025.1.0 to version 2025.10.1 contains a security loophole that arises from the incorrect clean-up of entity names in the energy dashboard, which may result in a storage-type cross-station script attack.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

Home Assistant

Published

2025-10-14

Last Modified

2026-02-24

References

https://github.com/home-assistant/core/security/advisories/GHSA-mq77-rv97-285m https://access.redhat.com/security/cve/cve-2025-62172

Patch

https://www.home-assistant.io/