← Back to home
ICSA-25-198-01  ·  Published 2025-07-17  ·  View on CISA ICS-CERT ↗

Leviton AcquiSuite and Energy Monitoring Hub

CVSS 9.3 CRITICAL

Risk Summary

Successful exploitation of this vulnerability could allow an attacker to craft a malicious payload in URL parameters that would get executed in a client browser when accessed by a user, steal session tokens and control the service.

CVEs (1)

Remediations

  • Leviton has not responded to requests to work with CISA to mitigate this vulnerability. Users of these affected products are welcome to contact Leviton's customer support for additional information.

Affected Vendors

Leviton

Affected Products (2)

Leviton · AcquiSuite A8810
Leviton · Energy Monitoring Hub A8812

Affected Sectors

Communications

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more