CVE-2025-39525

CVSS 3.1 Score 6.5 of 10 (medium)

Details

Published Apr 16, 2025

CWE ID 79

Summary

CVE-2025-39525 is a Cross-site Scripting (XSS) vulnerability affecting the wpWax Logo Carousel Slider, from an unknown version through 2.1.3. This issue occurs due to improper neutralization of user input during web page generation. Attackers can exploit this vulnerability to inject and execute malicious scripts in users' browsers, potentially stealing sensitive information or taking control of affected accounts. Users are strongly advised to update to the latest version of the plugin or consider disabling it if an update is not possible.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/5RSQ9z
https://www.cve.org/CVERecord?id=CVE-2025-39525
https://nvd.nist.gov/vuln/detail/CVE-2025-39525

Back to Vulnerability Database

Platform Features

Products

Use Cases

Teams

Industries

Services

Threats to the 2025 NATO Summit

Artificial Eyes: Generative AI in China’s Military Intelligence

GrayAlpha Uses Diverse Infection Vectors to Deploy PowerNet Loader and NetSupport RAT

Know What Matters

For Customers

For Partners

CVE-2025-39525

CVSS 3.1 Score 6.5 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations