CVE-2025-9568
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-09-01

Last updated on: 2025-09-25

Assigner: TWCERT/CC

Description
The eHRD developed by Sunnet has a Reflected Cross-site Scripting vulnerability, allowing unauthenticated remote attackers to execute arbitrary JavaScript codes in user's browser through phishing attacks.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-09-01
Last Modified
2025-09-25
Generated
2026-05-27
AI Q&A
2025-09-01
EPSS Evaluated
2026-05-25
NVD
CVE-2025-9568
EUVD
EUVD-2025-26320
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
sun.net ehrd_ctms *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-79 The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability is a Reflected Cross-site Scripting (XSS) issue in the eHRD product developed by Sunnet. It allows unauthenticated remote attackers to execute arbitrary JavaScript code in a user's browser by tricking the user into clicking a malicious link, typically through phishing attacks. [1]


How can this vulnerability impact me? :

The vulnerability can allow attackers to run malicious scripts in the context of a user's browser session, potentially leading to theft of sensitive information, session hijacking, or other malicious actions performed on behalf of the user. Since it requires user interaction (such as clicking a phishing link), the impact depends on successful social engineering. [1]


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart