CVE-2025-9568
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-09-01

Last updated on: 2025-09-25

Assigner: TWCERT/CC

Description
The eHRD developed by Sunnet has a Reflected Cross-site Scripting vulnerability, allowing unauthenticated remote attackers to execute arbitrary JavaScript codes in user's browser through phishing attacks.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-09-01
Last Modified
2025-09-25
Generated
2026-06-16
AI Q&A
2025-09-01
EPSS Evaluated
2026-06-14
NVD
CVE-2025-9568
EUVD
EUVD-2025-26320
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
sun.net ehrd_ctms *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-79 The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is a Reflected Cross-site Scripting (XSS) issue in the eHRD product developed by Sunnet. It allows unauthenticated remote attackers to execute arbitrary JavaScript code in a user's browser by tricking the user into clicking a malicious link, typically through phishing attacks. [1]

Impact Analysis

The vulnerability can allow attackers to run malicious scripts in the context of a user's browser session, potentially leading to theft of sensitive information, session hijacking, or other malicious actions performed on behalf of the user. Since it requires user interaction (such as clicking a phishing link), the impact depends on successful social engineering. [1]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-9568. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart