CVE-2025-40675
BaseFortify
Publication date: 2025-06-09
Last updated on: 2025-10-06
Assigner: Spanish National Cybersecurity Institute, S.A. (INCIBE)
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| webkul | bagisto | From 2.0.0 (inc) to 2.2.3 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-40675 is a Reflected Cross-Site Scripting (XSS) vulnerability in Bagisto version 2.0.0. It allows an attacker to execute arbitrary JavaScript code in a victim's browser by sending a malicious URL that exploits the 'query' parameter in the /search endpoint. When the victim clicks this malicious link, the attacker's script runs in their browser without needing any special privileges or user interaction beyond clicking the link. [1]
How can this vulnerability impact me? :
This vulnerability can lead to theft of sensitive user data such as session cookies, which can be used to hijack user sessions. It can also allow attackers to perform unauthorized actions on behalf of the user, potentially compromising user accounts and data integrity. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by testing the /search endpoint with the 'query' parameter for reflected XSS. For example, you can use curl or a browser to send a request with a payload such as <script>alert(1)</script> in the 'query' parameter and observe if the script executes or is reflected unescaped in the response. A sample curl command could be: curl -G 'http://your-bagisto-site/search' --data-urlencode 'query=<script>alert(1)</script>' -i. If the response contains the script unescaped, the vulnerability is present. [1]
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation step is to upgrade Bagisto to version 2.2.3 or later, where this vulnerability has been fixed. Until then, you can implement input validation and output encoding on the 'query' parameter to prevent script injection. Additionally, consider applying web application firewall (WAF) rules to block malicious payloads targeting the /search endpoint. [1]