CVE-2025-23992
CVSS 3.1 Score 5.9 of 10 (medium)
Details
Summary
CVE-2025-23992 is a Cross-site Scripting (XSS) vulnerability affecting the Leetoo Toocheke Companion application. The flaw, which permits Stored XSS attacks, resides in the improper neutralization of user input during web page generation. Successful exploitation could lead to the injection of malicious scripts into web pages viewed by other users, potentially stealing sensitive information or taking control of their accounts. This issue afflicts Toocheke Companion versions from n/a through 1.166. It is essential for users to update their software to mitigate this risk.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.