CVE-2025-28094
CVSS 3.1 Score 6.5 of 10 (medium)
Details
Summary
CVE-2025-28094 is a newly identified vulnerability affecting shopxo version 6.4.0. This issue combines elements of Server-Side Request Forgery (SSRF) and Cross-Site Scripting (XSS), making it a significant security risk. In an SSRF attack, a malicious actor tricks the server into making requests to internal resources or to external websites under the attacker's control. The XSS element allows attackers to inject malicious scripts into web pages viewed by other users. Together, these weaknesses can lead to serious data breaches or unauthorized system access. Users of shopxo version 6.4.0 are advised to update their systems as soon as possible to mitigate these risks.