CVE-2025-0971

CVSS 3.1 Score 3.5 of 10 (low)

Details

Published Feb 3, 2025

CWE ID 94

CWE ID 79

Summary

CVE-2025-0971 is a newly disclosed vulnerability affecting Zenvia Movidesk up to version 25.01.22. This issue, rated as problematic, lies within the /Account/EditProfile feature of the Profile Editing component. The vulnerability enables an attacker to execute cross-site scripting by manipulating the argument 'username'. The exploit can be launched remotely, posing a significant threat. Public disclosure of the exploit increases the risk, making it crucial for users to upgrade to version 25.01.22.245a473c54 as soon as possible to mitigate the risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/2_1GIj
https://www.cve.org/CVERecord?id=CVE-2025-0971
https://nvd.nist.gov/vuln/detail/CVE-2025-0971

Back to Vulnerability Database

CVE-2025-0971

CVSS 3.1 Score 3.5 of 10 (low)

Details

Summary

Advisories, Assessments, and Mitigations