Leviton AcquiSuite and Energy Monitoring Hub

Source: All CISA Advisories | Added:

Leviton AcquiSuite and Energy Monitoring Hub have a critical cross-site scripting (XSS) vulnerability that could allow attackers to execute malicious payloads in client browsers, potentially stealing session tokens and controlling the service. The vulnerability has been assigned CVE-2025-6185 and has a CVSS v4 score of 8.7.

---

Impact: Leviton AcquiSuite, Leviton Energy Monitoring Hub

In the Wild: No

Age: Newly disclosed

Remediation: Minimize network exposure for all control system devices, use firewalls, and implement secure remote access methods like VPNs.

Read Full Original Article →