CVE-2025-25098

CVSS 3.1 Score 6.5 of 10 (medium)

Details

Published Feb 7, 2025

CWE ID 79

Summary

CVE-2025-25098 is a Cross-site Scripting (XSS) vulnerability affecting Zack Katz Links in Captions, with versions from n/a to 1.2. An attacker can exploit this Improper Neutralization of Input issue during web page generation to inject malicious scripts into a victim's browser. Successful exploitation could lead to unauthorized access to user data or sessions, potentially enabling further attacks. Users are advised to upgrade to a patched version as soon as possible to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/3Byxe4
https://www.cve.org/CVERecord?id=CVE-2025-25098
https://nvd.nist.gov/vuln/detail/CVE-2025-25098

Back to Vulnerability Database

CVE-2025-25098

CVSS 3.1 Score 6.5 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations