CVE-2025-23110

CVSS 3.1 Score 6.1 of 10 (medium)

Details

Published Jan 10, 2025
CWE ID 79

Summary

CVE-2025-23110 is a newly identified vulnerability in REDCap version 14.9.6. The issue is a reflected cross-site scripting (XSS) weakness in the email-subject field that is processed when a CSV file containing alert configurations is uploaded. An attacker can exploit this vulnerability by sending the victim a malicious CSV file by email, with the XSS payload hidden in the email-subject field. If the victim opens the email and uploads the file, they are redirected to a page displaying the uploaded data. By clicking on the manipulated email-subject value, the victim unknowingly triggers the XSS payload, potentially allowing the attacker to execute malicious code and gain unauthorized access to their system.
