CVE-2025-23965

Summary

CVE-2025-23965 is a Cross-site Scripting (XSS) vulnerability affecting the Kopa Nictitate Toolkit, from an unknown version up to 1.0.2. The flaw, referred to as Stored XSS, occurs due to improper neutralization of user input during web page generation. Attackers can exploit this vulnerability by injecting malicious scripts into a website, allowing them to steal user data, modify webpage content, or perform other malicious actions on behalf of the user. This issue poses a significant risk to any organization using the affected version of the Kopa Nictitaire Toolkit and emphasizes the importance of promptly applying the available patch to mitigate the threat.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.