CVE-2025-25905
BaseFortify
Publication date: 2025-06-25
Last updated on: 2025-07-07
Assigner: MITRE
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| 4pace | cadclick | up to and including 1.13.0 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-25905 is a Cross-Site Scripting (XSS) vulnerability in CADClick versions 1.13.0 and earlier. It occurs because the application improperly handles the "tree" parameter in the URL, allowing attackers to inject arbitrary JavaScript or HTML code. For example, an attacker can inject a payload like `<img src/onerror=alert(document.domain)>` which, when the page loads, executes the injected script and can display the domain name or perform other malicious actions. [1]
How can this vulnerability impact me?
This vulnerability can allow remote attackers to execute arbitrary scripts in the context of the affected website. This can lead to theft of user session cookies, defacement of the website, redirection to malicious sites, or other malicious activities that compromise user data and trust. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by testing the 'tree' parameter in the URL of CADClick versions 1.13.0 and earlier for reflected Cross-Site Scripting (XSS). A common detection method is to inject a payload such as `<img src/onerror=alert(document.domain)>` into the 'tree' parameter and observe whether the JavaScript alert is triggered when the page loads. For example, you can use curl or a browser to send a request like: `curl 'http://targetsite.com/page?tree=<img src/onerror=alert(document.domain)>'` and check whether the response body reflects the injected markup unencoded (in a browser, the alert firing confirms that it executes). Automated scanners that test for reflected XSS on URL parameters can also be used. [1]
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation step is to update CADClick to version 1.14.0 or later, where the vulnerability has been fixed. If updating is not immediately possible, apply input validation and output encoding on the 'tree' parameter to prevent injection of arbitrary scripts. Additionally, consider implementing Web Application Firewall (WAF) rules to block suspicious payloads targeting the 'tree' parameter until the patch can be applied. [1]
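As an added example (not code from BaseFortify or from CADClick), the following Python covers both of the last two answers from the defender's side: it scans constructed access-log lines for requests whose 'tree' parameter carries markup, and it shows the unencoded reflection behind CWE-79 next to the output-encoded version. The log format, the `/page` path and the client addresses are assumptions.

```python
import html
import re
from urllib.parse import parse_qs, urlsplit

# Constructed sample access-log lines (not from the page or any real CADClick deployment).
# The second line carries the payload quoted in the advisory, URL-encoded as a browser sends it.
SAMPLE_LOG = """\
203.0.113.5 - - [25/Jun/2025:10:00:01 +0000] "GET /page?tree=root/assemblies HTTP/1.1" 200 512
203.0.113.9 - - [25/Jun/2025:10:00:02 +0000] "GET /page?tree=%3Cimg%20src/onerror=alert(document.domain)%3E HTTP/1.1" 200 734
203.0.113.7 - - [25/Jun/2025:10:00:03 +0000] "GET /page?tree=parts%2Fbolts HTTP/1.1" 200 498
"""

REQUEST_RE = re.compile(r'"(?:GET|POST) (?P<target>\S+) HTTP/[\d.]+"')
# Coarse heuristic: a tree path should never contain markup delimiters or an inline event handler.
MARKUP_RE = re.compile(r'[<>"\']|\bon\w+\s*=', re.IGNORECASE)


def tree_param(request_target):
    """Return the URL-decoded 'tree' query parameter of a request target, or None if absent."""
    query = urlsplit(request_target).query
    values = parse_qs(query, keep_blank_values=True).get("tree")  # parse_qs already decodes %xx
    return values[0] if values else None


def suspicious_tree_requests(log_text):
    """Return (client_ip, decoded tree value) for every request whose 'tree' value carries markup."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.search(line)
        if not m:
            continue
        value = tree_param(m.group("target"))
        if value is not None and MARKUP_RE.search(value):
            hits.append((line.split(" ", 1)[0], value))
    return hits


def render_tree_vulnerable(tree):
    """Reflects the parameter into HTML unencoded: the CWE-79 pattern the advisory describes."""
    return f"<div class='tree'>{tree}</div>"


def render_tree_hardened(tree):
    """Output-encodes the parameter before it is placed in HTML, as the mitigation answer recommends."""
    return f"<div class='tree'>{html.escape(tree, quote=True)}</div>"
```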