CVE-2025-3961

CVSS 3.1 Score 4.1 of 10 (medium)

Details

Published Apr 27, 2025

Updated: May 12, 2025

CWE ID 94

CWE ID 79

Summary

CVE-2025-3961 is a recently disclosed cross-site scripting (XSS) vulnerability in the outdated Books-Management-System 1.0. This issue lies within the /admin/article/add/do file, which can be exploited by manipulating the Title argument. Attackers can initiate the attack remotely, potentially gaining unauthorized access or stealing sensitive data. The exploit is publicly known, increasing the risk of attacks. Other parameters may also be affected, but the vulnerability only impacts unsupported versions of this software.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/5hrEBJ
https://www.cve.org/CVERecord?id=CVE-2025-3961
https://nvd.nist.gov/vuln/detail/CVE-2025-3961

Back to Vulnerability Database

Platform Features

Products

Use Cases

Teams

Industries

Services

Threats to the 2025 NATO Summit

Artificial Eyes: Generative AI in China’s Military Intelligence

GrayAlpha Uses Diverse Infection Vectors to Deploy PowerNet Loader and NetSupport RAT

Know What Matters

For Customers

For Partners

CVE-2025-3961

CVSS 3.1 Score 4.1 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations