CVE-2025-22328
CVSS 3.1 Score 7.1 of 10 (high)
Details
Summary
CVE-2025-22328 is a newly identified vulnerability in Elevio's software, affecting an unknown starting version through 4.4.1. It chains two issues: Cross-Site Request Forgery (CSRF) and Stored Cross-Site Scripting (XSS). The CSRF weakness lets an attacker have actions performed with a victim's privileges by tricking the victim's browser into sending requests the victim did not intend. The Stored XSS weakness lets an attacker persist malicious script in the application, where it executes in the browser of any user who views the affected page, potentially leading to data theft or other unauthorized access. Together they pose a significant risk to users of the affected Elevio software. Users should upgrade to the latest version or apply appropriate mitigations as soon as possible to protect against these attacks.
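The CSRF-to-stored-XSS pattern described above, as an added illustration that is not Elevio's code and is not taken from this advisory: a hypothetical settings handler in its unchecked form beside a hardened form that validates a per-session CSRF token on write and HTML-escapes stored values on output. The names (Session, SettingsStore, save_setting, render) and the sample payload are assumptions constructed for the example; they do not model how the affected product is built.

```python
import hmac
import html
import secrets
from dataclasses import dataclass, field


@dataclass
class Session:
    """Hypothetical logged-in session; the CSRF token is bound to the session, not the request."""
    user: str
    csrf_token: str = field(default_factory=lambda: secrets.token_urlsafe(32))


class SettingsStore:
    """Hypothetical store for admin-editable settings that are later rendered as HTML."""

    def __init__(self) -> None:
        self.settings: dict[str, str] = {}

    # --- unchecked form: accepts any authenticated POST and stores the value raw ---
    def save_setting_unchecked(self, session: Session, form: dict) -> None:
        # No CSRF token check: a request forged from another origin is indistinguishable
        # from one the user intended, so the browser's ambient cookies are enough to succeed.
        self.settings[form["key"]] = form["value"]

    def render_unescaped(self, key: str) -> str:
        # Raw interpolation: stored markup becomes part of the page for every viewer.
        return f"<div class=\"setting\">{self.settings.get(key, '')}</div>"

    # --- hardened form: CSRF token check on write, HTML escaping on read ---
    def save_setting(self, session: Session, form: dict) -> None:
        token = str(form.get("csrf_token", ""))
        # Constant-time comparison against the token issued to this session.
        if not hmac.compare_digest(token.encode(), session.csrf_token.encode()):
            raise PermissionError("CSRF token missing or invalid")
        self.settings[form["key"]] = form["value"]

    def render(self, key: str) -> str:
        # Escape at output so stored text is displayed, never interpreted, by the browser.
        return f"<div class=\"setting\">{html.escape(self.settings.get(key, ''), quote=True)}</div>"


# Constructed sample value standing in for markup an attacker would try to persist.
INJECTED = "<script>probe()</script>"


def forged_request_outcome(hardened: bool) -> bool:
    """Return True if a cross-origin forged POST (no CSRF token) changes a setting."""
    session = Session(user="admin")
    store = SettingsStore()
    forged_form = {"key": "banner", "value": INJECTED}  # no csrf_token field
    try:
        if hardened:
            store.save_setting(session, forged_form)
        else:
            store.save_setting_unchecked(session, forged_form)
    except PermissionError:
        return False
    return store.settings.get("banner") == INJECTED


def legitimate_render(hardened: bool) -> str:
    """Store a value with a valid token, then return how it is rendered to other users."""
    session = Session(user="admin")
    store = SettingsStore()
    form = {"key": "banner", "value": INJECTED, "csrf_token": session.csrf_token}
    store.save_setting(session, form)
    return store.render("banner") if hardened else store.render_unescaped("banner")


if __name__ == "__main__":
    print("unchecked handler accepts forged POST:", forged_request_outcome(hardened=False))
    print("hardened handler accepts forged POST: ", forged_request_outcome(hardened=True))
    print("unescaped render:", legitimate_render(hardened=False))
    print("escaped render:  ", legitimate_render(hardened=True))
```

The two controls are independent: the token check stops a forged request from writing at all, and output escaping ensures that even a value written through a legitimate but careless path is displayed as text rather than executed. In a real deployment the token check is complemented by SameSite cookie attributes and origin checks, and escaping is applied by the templating layer rather than by hand.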