CVE-2025-40727
BaseFortify
Publication date: 2025-06-16
Last updated on: 2025-06-16
Assigner: Spanish National Cybersecurity Institute, S.A. (INCIBE)
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-40727 is a Reflected Cross-Site Scripting (XSS) vulnerability in the /search endpoint of Phoenix Site CMS. It allows remote attackers to inject malicious code via the 's' GET parameter, which can then be executed in the context of a user's browser. This happens because the input is not properly neutralized before being included in the web page. [1]
How can this vulnerability impact me? :
This vulnerability can allow attackers to execute arbitrary code in the browser of users who visit the affected /search page with a crafted URL. This can lead to theft of user data, session hijacking, or other malicious actions performed on behalf of the user. However, the attack requires user interaction and has a medium severity with limited impact on confidentiality and integrity. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by testing the /search endpoint of Phoenix CMS for reflected XSS by injecting payloads into the 's' GET parameter and observing if the input is improperly reflected and executed. For example, you can use curl to send a request with a test script payload: curl -i 'http://target-site/search?s=<script>alert(1)</script>' and check if the script is reflected in the response. Additionally, using web vulnerability scanners that test for reflected XSS on GET parameters can help detect this issue. [1]
What immediate steps should I take to mitigate this vulnerability?
Since no patch or solution is currently reported, immediate mitigation steps include implementing input validation and output encoding on the 's' GET parameter to prevent script injection. Additionally, applying Web Application Firewall (WAF) rules to block malicious payloads targeting the /search endpoint can help reduce risk. Limiting user input or disabling the vulnerable functionality temporarily may also be considered until a patch is available. [1]