CVE-2025-27306

CVSS 3.1 Score 6.5 of 10 (medium)

Details

Published Feb 24, 2025

CWE ID 79

Summary

CVE-2025-27306 is a Cross-Site Scripting (XSS) vulnerability affecting Pathomation from versions n/a through 2.5.1. Maliciously crafted input data can be stored in web pages generated by Pathomation, allowing attackers to inject and execute malicious scripts in users' browsers when they view these pages. This issue poses a serious security risk as it allows attackers to steal sensitive information or take control of users' sessions. Users are advised to upgrade to the latest version of Pathomation as soon as possible to mitigate this threat.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/3ly-GN
https://www.cve.org/CVERecord?id=CVE-2025-27306
https://nvd.nist.gov/vuln/detail/CVE-2025-27306

Back to Vulnerability Database

CVE-2025-27306

CVSS 3.1 Score 6.5 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations