CVE-2025-23674

CVSS 3.1 Score 7.1 of 10 (high)

Details

Published Jan 22, 2025
CWE ID 79

Summary

CVE-2025-23674 is a Cross-site Scripting (XSS) vulnerability affecting the Bit.ly linker. The issue stems from improper neutralization of user input during web page generation, allowing attackers to inject malicious scripts. This can potentially lead to unauthorized access or data theft when users click on a maliciously crafted link. The vulnerability spans from an undetermined version up to and including 1.1 of the Bit.ly linker. Users are advised to update to a secure version as soon as possible to mitigate this risk.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share