CVE-2025-1208

CVSS 3.1 Score 5.4 of 10 (medium)

Details

Published Feb 12, 2025

Updated: Feb 21, 2025

CWE ID 94

CWE ID 79

Summary

CVE-2025-1208 is a newly identified vulnerability affecting the Wazifa System 1.0, specifically the processing of the /Profile.php file. This issue carries a significant risk, as it enables attackers to inject malicious scripts through manipulation of the postcontent argument, resulting in cross-site scripting. The exploit can be triggered remotely, and the public disclosure of the vulnerability increases the likelihood of it being exploited. Organizations using Wazifa System 1.0 are advised to apply patches or updates as soon as possible to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Code Projects

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/3NtFLz
https://www.cve.org/CVERecord?id=CVE-2025-1208
https://nvd.nist.gov/vuln/detail/CVE-2025-1208

Back to Vulnerability Database

CVE-2025-1208

CVSS 3.1 Score 5.4 of 10 (medium)

Details

Summary

Affected Vendors

Advisories, Assessments, and Mitigations