CVE-2025-23674
CVSS 3.1 Score 7.1 of 10 (high)
Details
Published Jan 22, 2025
CWE ID 79
Summary
CVE-2025-23674 is a Cross-site Scripting (XSS) vulnerability affecting the Bit.ly linker. The issue stems from improper neutralization of user input during web page generation, allowing attackers to inject malicious scripts. This can potentially lead to unauthorized access or data theft when users click on a maliciously crafted link. The vulnerability spans from an undetermined version up to and including 1.1 of the Bit.ly linker. Users are advised to update to a secure version as soon as possible to mitigate this risk.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share