CVE-2025-8386
The vulnerability, if exploited, could allow an authenticated miscreant
(with the “aaConfigTools” privilege) to tamper with App Objects’ help
files and persist a cross-site scripting (XSS) injection that, when
executed by a victim user, can result in horizontal or vertical
escalation of privileges. The vulnerability can only be exploited during
config-time operations within the IDE component of Application Server.
Run-time components and operations are not affected.
More information: https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2025/icsa-25-317-02.json
