CVE-2025-27278

CVSS 3.1 Score 7.1 of 10 (high)

Details

Published Mar 3, 2025
CWE ID 79

Summary

CVE-2025-27278 is a reflected Cross-Site Scripting (XSS) vulnerability in NotFound AcuGIS Leaflet Maps, caused by improper neutralization of user input during web page generation. It affects AcuGIS Leaflet Maps from unspecified earlier versions up to and including 5.1.1.0. An attacker who successfully exploits this vulnerability can inject and execute malicious scripts in the victim's web browser, potentially leading to data theft, session hijacking, or other unintended actions. To mitigate this risk, users should update AcuGIS Leaflet Maps to the latest version that includes the necessary security patches.
