CVE-2025-0844

Summary

CVE-2025-0844 is a recently disclosed vulnerability affecting the Registration Page component in the outdated Needyamin Library Card System 1.0. The issue lies within the signup.php file and stems from a cross-site scripting (XSS) weakness. Manipulation of the firstname, lastname, email, borrow, and user_address parameters can lead to code injection, potentially allowing unauthorized attackers to execute malicious scripts in users' browsers. This vulnerability can be exploited remotely, increasing the risk to affected systems. The exploit has been made public, making it crucial for users to apply patches or updates as soon as possible to mitigate the threat.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.