CVE-2025-23872

CVSS 3.1 Score 7.1 of 10 (high)

Details

Published Jan 16, 2025
CWE ID 352

Summary

CVE-2025-23872 is a newly identified vulnerability that impacts the PayForm application from an unknown version up to 2.0. This weakness combines two critical issues: Cross-Site Request Forgery (CSRF) and Stored Cross-Site Scripting (XSS). The CSRF vulnerability allows an attacker to submit malicious requests on behalf of an unsuspecting user, while the Stored XSS issue enables an attacker to inject malicious scripts into a web page viewed by other users. These threats could potentially lead to unauthorized actions or data theft. It is essential for PayForm users to update their software as soon as a patch becomes available.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share