CVE-2025-25153

CVSS 3.1 Score 7.1 of 10 (high)

Details

Published Feb 7, 2025
CWE ID 352

Summary

CVE-2025-25153 is a newly disclosed vulnerability affecting the Simple Auto Tag software. This issue combines elements of Cross-Site Request Forgery (CSRF) and Stored XSS attacks. An adversary can exploit the CSRF vulnerability to perform unauthorized actions on behalf of a user, while the Stored XSS component allows injection of malicious scripts into web pages viewed by other users. The Simple Auto Tag software, which is used for automatic tagging of media files, is impacted from an undisclosed version up to and including 1.1. Successful exploitation of this vulnerability can lead to significant security risks.
