CVE-2025-22658

Summary

CVE-2025-22658 is a newly disclosed vulnerability impacting the Listings component of Appfolio, a property management software. This issue combines two threats: Cross-Site Request Forgery (CSRF) and Stored Cross-Site Scripting (XSS). The CSRF weakness enables an attacker to issue unintended commands on behalf of a victim, while the Stored XSS component allows malicious scripts to be injected into web pages viewed by other users. These vulnerabilities can lead to unauthorized access, data theft, or even system compromise. Users of Listings for Appfolio from all versions up to and including 1.2.0 are advised to apply the necessary patches as soon as possible.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.