CVE-2025-51534
BaseFortify
Publication date: 2025-08-04
Last updated on: 2025-09-20
Assigner: MITRE
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| craws | openatlas | up to 8.12.0 (exclusive) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-51534 is a stored nested Cross-Site Scripting (XSS) vulnerability in OpenAtlas v8.11.0 that allows attackers to inject malicious scripts or HTML into the Name field. These crafted payloads are saved in the database and executed whenever the affected entries are displayed, enabling arbitrary JavaScript execution in the victim's browser. This occurs due to improper input validation and affects multiple modules such as Source, Event, Actor, Place, Artifact, and Reference. [1]
How can this vulnerability impact me?
This vulnerability can lead to arbitrary script execution in users' browsers, potentially resulting in account takeover and privilege escalation. Attackers can manipulate the Delete button and perform unauthorized operations like UPDATE, DELETE, or DROP on data, causing data manipulation or deletion. The impact includes high confidentiality and integrity risks but no availability impact. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by testing the input validation of the `Name` field in OpenAtlas v8.11.0 and earlier versions. You can attempt to inject known XSS payloads, such as SVG or style tags with onload event handlers (e.g., `<svg onload=alert(1)>`, `<style>@font-face {src: url("javascript:alert(1)");}</style>`), into the `Name` field of various modules (Source, Event, Actor, Place, Artifact, Reference, and Person modules). If the payload executes when the entry is displayed, the system is vulnerable. Network detection can involve monitoring HTTP requests and responses for suspicious payloads or script injections targeting these fields. Specific commands depend on your environment, but using tools like curl or browser developer consoles to inject and observe payload execution is recommended. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include upgrading OpenAtlas to version 8.12.0 or later, where the vulnerability has been fixed by improved input validation. Until the upgrade is applied, restrict access to the affected modules and fields, especially the 'Name' field, to trusted users only. Implement web application firewalls (WAF) rules to detect and block malicious payloads targeting the Name field. Additionally, educate users to avoid interacting with suspicious entries and monitor logs for unusual activity related to script execution or data manipulation. [1]
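As an added example, not code from BaseFortify, OpenAtlas or the advisory, a small Python audit that serves the detection and mitigation answers above: it scans stored `Name` values for the kinds of active markup the advisory names (the `(module, id, name)` row layout and the sample rows are constructed assumptions, not OpenAtlas's schema) and shows the entity encoding a template must apply so such values render inert.

```python
import html
from html.parser import HTMLParser
# Constructed sample rows as (module, entity id, Name). The tuple layout is an
# assumption for this example, not OpenAtlas's schema; rows 3 and 4 carry the two
# payload shapes the advisory names, the other rows are ordinary names.
SAMPLE_ROWS = [
    ("Actor", 1, "Marcus Aurelius"),
    ("Place", 2, "Vienna <b>(capital)</b>"),
    ("Source", 3, "<svg onload=alert(1)>"),
    ("Event", 4, '<style>@font-face {src: url("javascript:alert(1)");}</style>'),
    ("Reference", 5, "Smith & Jones 1999"),
]

class ActiveMarkupFinder(HTMLParser):
    """Collects reasons why a stored value looks like executable HTML, not text."""
    RISKY_TAGS = {"script", "style", "svg", "iframe", "object", "embed", "img"}
    URL_ATTRS = {"href", "src", "action", "formaction", "xlink:href"}

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):  # tag and attr names arrive lower-cased
        if tag in self.RISKY_TAGS:
            self.findings.append(f"tag:{tag}")
        for name, value in attrs:
            if name.startswith("on"):  # onload, onerror, ...
                self.findings.append(f"event:{name}")
            elif name in self.URL_ATTRS and (value or "").strip().lower().startswith("javascript:"):
                self.findings.append(f"js-url:{name}")

    def handle_data(self, data):
        # <style> and <script> bodies arrive here as raw text; catch url("javascript:...")
        if "javascript:" in data.lower():
            self.findings.append("js-url:text")

def audit_names(rows):
    """Map (module, id) -> findings for rows whose Name carries active markup;
    plain tags without handlers (row 2) are tolerated, so formatting is not flagged."""
    flagged = {}
    for module, entity_id, name in rows:
        finder = ActiveMarkupFinder()
        finder.feed(name)
        finder.close()
        if finder.findings:
            flagged[(module, entity_id)] = finder.findings
    return flagged

def render_name(name):
    """What a template must emit: entity-encode so stored markup stays inert."""
    return html.escape(name, quote=True)
```

Run `audit_names` over a dump of the entity table from each affected module before and after the upgrade; any row it flags is one whose rendering should be checked and whose value should be cleaned.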