CVE-2025-11682
BaseFortify
Publication date: 2025-10-27
Last updated on: 2025-10-27
Assigner: Switzerland Government Common Vulnerability Program
Description
CVSS Scores
EPSS Scores
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| perx | customer_engagement_and_loyalty_platform | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
| CWE-83 | The product does not neutralize or incorrectly neutralizes "javascript:" or other URIs from dangerous attributes within tags, such as onmouseover, onload, onerror, or style. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-11682 is a stored cross-site scripting (XSS) vulnerability in the LMT Dashboard of the Perx Customer Engagement & Loyalty Platform. It allows an authenticated attacker with upload permissions to upload malicious SVG files containing embedded JavaScript. When other users view these SVG images on the public LMT microsite, the malicious script executes in their browsers. This happens because the platform improperly sanitizes SVG uploads, treating them as safe images despite containing executable code. [1]
How can this vulnerability impact me?
This vulnerability can lead to session hijacking, impersonation, unauthorized data access, content modification, redirection to malicious sites, and theft of sensitive data. Attackers can exploit it to execute arbitrary JavaScript in victims' browsers, potentially combining it with phishing or social engineering attacks. Exploitation requires valid dashboard credentials but poses serious risks to users interacting with the affected microsite. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection involves checking for the presence of malicious SVG files uploaded to the LMT Dashboard campaigns. One approach is to audit uploaded SVG files for embedded JavaScript payloads. Since the vulnerability involves SVG uploads containing scripts, you can search for <script> tags or JavaScript event handlers within SVG files. For example, you can use commands like 'grep -iE "<script|onload|onerror|javascript:" *.svg' on exported SVG files from the system. Additionally, monitoring HTTP PUT requests to the campaign API endpoint for SVG uploads can help identify suspicious activity. Network monitoring tools can be configured to alert on SVG file uploads or unusual PUT requests to the campaign API. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include upgrading the Perx Customer Engagement & Loyalty Platform to version 4.6.74 or later, where the vulnerability is fully patched with effective server-side sanitization. Additionally, enforce strict Content Security Policies (CSP) on the LMT microsite to block execution of untrusted scripts and set HttpOnly flags on cookies to prevent client-side script access to session tokens. Restrict upload permissions to trusted users only and monitor for suspicious SVG uploads. If upgrading immediately is not possible, consider disabling SVG uploads temporarily or implementing manual review of uploaded SVG files. [1]
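The detection and mitigation answers above both come down to finding SVG content that carries script: `<script>` elements, `on*` event-handler attributes and `javascript:` URIs. The following added example (not code from BaseFortify or from Perx) parses the SVG as XML instead of grepping it, so a handler hidden behind a namespace prefix or odd whitespace is still flagged; the two sample SVGs are constructed for the demonstration, and the same `scan_svg` function can serve as an upload-time gate while a patch is pending.

```python
import re
import xml.etree.ElementTree as ET
from typing import List

# Constructed sample uploads (not from the advisory): one benign, one carrying
# the three patterns the detection answer names: <script>, on* handler, javascript: URI.
BENIGN_SVG = b'<svg xmlns="http://www.w3.org/2000/svg"><circle r="4"/></svg>'
SUSPECT_SVG = (b'<svg xmlns="http://www.w3.org/2000/svg" '
               b'xmlns:xlink="http://www.w3.org/1999/xlink" onload="/* constructed */">'
               b'<script>/* constructed */</script>'
               b'<a xlink:href="javascript:/* constructed */"><text>x</text></a></svg>')

JS_URI = re.compile(r"^\s*javascript:", re.IGNORECASE)


def local_name(qualified: str) -> str:
    """Strip an XML namespace prefix: '{ns}href' -> 'href'."""
    return qualified.rsplit("}", 1)[-1].lower()


def scan_svg(data: bytes) -> List[str]:
    """Return findings for one SVG document; an empty list means nothing script-bearing was seen."""
    try:
        root = ET.fromstring(data)
    except ET.ParseError as exc:
        # An SVG the parser rejects should not be stored or served as an image either.
        return [f"unparseable XML: {exc}"]
    findings = []
    for elem in root.iter():
        tag = local_name(elem.tag)
        if tag in ("script", "foreignobject"):   # foreignObject can embed arbitrary HTML
            findings.append(f"<{tag}> element")
        for attr, value in elem.attrib.items():
            name = local_name(attr)
            if name.startswith("on"):            # onload, onerror, onmouseover, ...
                findings.append(f"event handler {name} on <{tag}>")
            elif name == "href" and JS_URI.match(value):   # catches xlink:href too
                findings.append(f"javascript: URI in href on <{tag}>")
    return findings


def is_safe_svg(data: bytes) -> bool:
    """Upload-time gate: accept only SVGs with no findings."""
    return not scan_svg(data)


if __name__ == "__main__":
    for label, blob in (("benign", BENIGN_SVG), ("suspect", SUSPECT_SVG)):
        print(label, scan_svg(blob))
```

Run it over exported campaign SVGs with a small loop over `pathlib.Path(...).glob("*.svg")`; any non-empty result is worth manual review before the file is served from the microsite.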