CVE-2025-22675

CVSS 3.1 Score 6.5 of 10 (medium)

Details

Published Feb 4, 2025

Updated: Feb 18, 2025

CWE ID 79

Summary

CVE-2025-22675 is a Cross-Site Scripting (XSS) vulnerability affecting the Alert Box Block in bPlugins. This issue, located in the front-end component for displaying notices and alerts, enables attackers to inject malicious scripts into a victim's web browser when viewing a compromised page. Successful exploitation could lead to stealing sensitive user data or taking control of the user's session. Users of Alert Box Block versions 1.1.0 and below are at risk. It is imperative that affected users upgrade to a secure version as soon as possible to mitigate potential threats.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/2RYJfp
https://www.cve.org/CVERecord?id=CVE-2025-22675
https://nvd.nist.gov/vuln/detail/CVE-2025-22675

Back to Vulnerability Database

CVE-2025-22675

CVSS 3.1 Score 6.5 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations