CVE-2025-56252
BaseFortify
Publication date: 2025-09-15
Last updated on: 2025-09-20
Assigner: MITRE
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| pathinfotech | servitiumcrm | 2.10 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-56252 is a critical Reflected Cross-Site Scripting (XSS) vulnerability in ServitiumCRM 2.10. It occurs because the 'mobile' parameter in the web interface does not properly sanitize or encode user input before reflecting it back on the page. Attackers can craft malicious URLs containing JavaScript code that executes in the victim's browser when clicked, allowing unauthorized script execution within the context of the ServitiumCRM domain. [1]
How can this vulnerability impact me? :
This vulnerability can lead to session hijacking, credential theft, phishing attacks, browser exploitation, and application defacement. Attackers can steal authentication cookies, capture login credentials via fake prompts, redirect users to malicious websites, or inject keyloggers by distributing malicious URLs through phishing emails or social media. Once a victim interacts with such a URL, the injected scripts run with the permissions of the ServitiumCRM domain, compromising sensitive data and user accounts. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by testing the 'mobile' parameter in the ServitiumCRM web interface for reflected Cross-Site Scripting (XSS). You can craft URLs with payloads such as mobile=\"><img src=x onerror=prompt(1)> and observe if the JavaScript executes in the browser. Using tools like curl or wget to send requests with such payloads and analyzing the response for reflected scripts can help detect the issue. For example, you can use: curl -v 'http://target/servitiumcrm?mobile=\"><img src=x onerror=prompt(1)>' and check if the payload is reflected unencoded in the response body. Additionally, web vulnerability scanners that test for reflected XSS can be used to automate detection. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include implementing strict input validation and sanitization on the 'mobile' parameter using a whitelist approach, and ensuring proper output encoding of all reflected user inputs. Deploying a restrictive Content Security Policy (CSP) to block unauthorized scripts is recommended. Additionally, set HTTP-only and Secure flags on session cookies to prevent JavaScript access. Conduct user awareness training on phishing and social engineering, and perform regular security audits and penetration testing to identify and remediate vulnerabilities. [1]