CVE-2025-24892
CVSS 3.1 Score 3.5 of 10 (low)
Details
Published Feb 10, 2025
CWE ID 79
Summary
CVE-2025-24892 is a vulnerability in OpenProject, an open-source project management application. Versions prior to 15.2.1 allow malicious HTML script tags to be injected in the Group Management section, because that input is not properly sanitized (CWE-79, cross-site scripting). The issue is fixed in OpenProject version 15.2.1. Users who cannot upgrade immediately can apply a patch manually to mitigate the risk.
Affected Products
- OPF OpenProject
Affected Vendors
- OpenProject