CVE-2025-25070

Summary

CVE-2025-25070 is a Cross-site Scripting (XSS) vulnerability affecting the NotFound Album Reviewer application from versions n/a through 2.0.2. The flaw, referred to as Improper Neutralization of Input During Web Page Generation, enables attackers to inject malicious scripts into web pages viewed by other users. These scripts can steal sensitive information, modify webpage content, or perform other malicious actions. Successful exploitation of this vulnerability could lead to significant security risks for users of the affected application. It is strongly recommended that users upgrade to a patched version of the software as soon as possible to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.