CVE-2025-0972

CVSS 3.1 Score 3.5 of 10 (low)

Details

Published Feb 3, 2025
CWE ID 94
CWE ID 79

Summary

CVE-2025-0972 is a newly disclosed cross-site scripting (XSS) vulnerability affecting Zenvia Movidesk up to version 25.01.22. The issue lies in the New Ticket Handler component and can be exploited by manipulating the subject argument. It allows remote attackers to inject malicious scripts into the targeted website, potentially leading to data theft or unauthorized actions. Because the exploit has been made public, users are advised to upgrade to the latest version, 25.01.22.245a473c54, to mitigate the risk. Systems that are not upgraded remain at risk.
