CVE Alert: CVE-2025-25461
Vulnerability Summary: CVE-2025-25461
A Stored Cross-Site Scripting (XSS) vulnerability exists in SeedDMS 6.0.29. A user or rogue admin with the “Add Category” permission can inject a malicious XSS payload into the category name field. When a document is subsequently associated with this category, the payload is stored on the server and rendered without proper sanitization or output encoding. This results in the XSS payload executing in the browser of any user who views the document.
Affected Endpoints:
No affected endpoints listed.
Published Date:
2/28/2025, 4:15:39 PM
⚠️ CVSS Score:
Exploit Status:
Not ExploitedReferences:
- https://github.com/RoNiXxCybSeC0101/CVE-2025-25461
- https://www.seeddms.org/
- https://github.com/RoNiXxCybSeC0101/CVE-2025-25461
Recommended Action:
No proposed action available. Please refer to vendor documentation for updates.
A considerable amount of time and effort goes into maintaining this website, creating backend automation and creating new features and content for you to make actionable intelligence decisions. Everyone that supports the site helps enable new functionality.
If you like the site, please support us on “Patreon” or “Buy Me A Coffee” using the buttons below
To keep up to date follow us on the below channels.
