CVE-2025-22917
CVSS 3.1 Score 5.4 of 10 (medium)
Details
Published Jan 28, 2025
Updated: Jan 29, 2025
CWE ID 79
Summary
CVE-2025-22917 is a reflected cross-site scripting (XSS) vulnerability affecting Audemium ERP versions below 0.9.0. A remote attacker can inject malicious JavaScript code through the 'type' parameter of list.php; the injected code is then executed in the web browser of an unsuspecting user. Successful exploitation can lead to unintended actions, such as session hijacking or data theft. Users are advised to update to the latest version of Audemium ERP to mitigate this risk.