CVE-2025-25125

CVSS 3.1 Score 7.1 of 10 (high)

Details

Published Feb 7, 2025

CWE ID 352

Summary

CVE-2025-25125 is a Cross-Site Request Forgery (CSRF) vulnerability affecting the CyrilG Fyrebox Quizzes platform. This issue enables Stored XSS (Cross-Site Scripting) attacks. An attacker can exploit this flaw to inject malicious scripts into a victim's web browser through specially crafted requests. Affected versions range from n/a to 2.7. System administrators are advised to upgrade to the latest version or apply appropriate patches to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/3By3jW
https://www.cve.org/CVERecord?id=CVE-2025-25125
https://nvd.nist.gov/vuln/detail/CVE-2025-25125

Back to Vulnerability Database

CVE-2025-25125

CVSS 3.1 Score 7.1 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations