CVE-2025-2335

CVSS 3.1 Score 8.3 of 10 (high)

Details

Published Mar 16, 2025
CWE ID 367

Summary

CVE-2025-2335 is a recently disclosed cross-site scripting (XSS) vulnerability affecting Drivin Soluções API Handler up to version 20250226. The issue lies in the /api/school/registerSchool file and can be triggered by manipulating the message argument. Exploitation allows attackers to inject malicious scripts into a victim's browser, posing a significant security risk. The vulnerability can be exploited remotely, and the exploit has already been made public, increasing the urgency for affected organizations to apply patches or workarounds. Despite early notification from the security community, the vendor has not responded to address the issue.
