CVE-2025-30587

Summary

CVE-2025-30587 is a newly disclosed vulnerability affecting the shawfactor LH OGP Meta, a library used for Open Graph Protocol meta tags. The issue combines a Cross-Site Request Forgery (CSRF) weakness and the potential for Stored Cross-Site Scripting (XSS). An attacker can exploit this vulnerability to inject malicious scripts into a victim's web browser, posing a significant security risk. The CSRF vulnerability allows an attacker to trick the user into performing unintended actions on a targeted website, while the Stored XSS component enables the attacker to maintain persistence and execute the malicious code even after the user leaves the site. Affected versions of LH OGP Meta range from n/a to 1.73.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.