CVE-2025-61305
Reflected XSS in docuForm Mercury Managed Print Services
Publication date: 2026-05-11
Last updated on: 2026-05-11
Assigner: MITRE
Description
CVSS Scores
EPSS Scores
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| docuform | docuform_fsm_server | 11.11c |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN | |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-61305 is a reflected cross-site scripting (XSS) vulnerability in the dfm-menu_firmware.php component of docuForm FSM Server version 11.11c.
A request parameter is written into the page without being filtered or encoded, so an attacker can inject arbitrary HTML and JavaScript into the server's response.
Because the flaw is reflected rather than stored, the payload is not saved by the application: the attacker has to get a user who is logged in to the FSM Server to open a crafted link, and the injected script then runs in that user's browser with the application's session.
How can this vulnerability impact me?
Exploitation of this vulnerability can lead to serious security risks including theft of sensitive session identifiers and personal user information.
An attacker could use the stolen information to take over user accounts, perform unauthorized actions on behalf of victims, or alter the behavior of the application.
The vulnerability has a high risk level with a CVSS score of 7.3, indicating significant potential impact.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
The vulnerability is a reflected cross-site scripting (XSS) issue in the dfm-menu_firmware.php component of docuForm FSM Server v11.11c. Detection typically involves testing the affected endpoint for injection of crafted JavaScript payloads and observing if the payload is reflected unsanitized in the response.
To detect this vulnerability on your system, perform manual or automated web application security testing against the dfm-menu_firmware.php page: send requests with a distinctive test payload in each parameter the page accepts and check whether the payload comes back in the response without HTML encoding. The name of the vulnerable parameter is not given on this page, so `param` below is a placeholder; test every parameter the page reads.
- Use curl or a similar tool to send a URL-encoded test payload, for example: curl -sv -G "http://<target>/dfm-menu_firmware.php" --data-urlencode "param=<script>alert(1)</script>" and look for the raw `<script>` string in the response body. If it comes back as `&lt;script&gt;`, the value is encoded and that parameter is not exploitable in that context. curl only shows reflection; confirming that the script actually executes requires a browser.
- Use web vulnerability scanners that support XSS detection, such as OWASP ZAP or Burp Suite, to scan the dfm-menu_firmware.php endpoint.
- Monitor web server logs for requests to dfm-menu_firmware.php containing script tags, event handlers, or `javascript:` URLs. Payloads are normally URL-encoded in access logs (for example `%3Cscript%3E`), so decode the request line before matching.
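The following script is an added example and is not part of docuForm's product or of the original advisory. It probes the endpoint named in the advisory with a random canary and reports whether the canary is reflected raw (exploitable), HTML-encoded (safe in a text context), or not at all, then scans access-log lines for the same endpoint after URL-decoding. The parameter name `param`, the host `target.example`, the two stand-in page handlers and the log lines are assumptions or constructed data, not the real dfm-menu_firmware.php.

```python
"""Reflected-XSS probe and access-log triage for one endpoint.

Added example; not docuForm code. ENDPOINT comes from the advisory; PARAM,
the host, the stand-in handlers and SAMPLE_LOG are assumptions/constructed.
"""
import html
import re
import secrets
import urllib.parse
import urllib.request

ENDPOINT = "/dfm-menu_firmware.php"   # named in the advisory
PARAM = "param"                       # assumption: the vulnerable parameter is not named on the page


def make_canary() -> str:
    """Unique marker wrapped in angle brackets so raw reflection can be told
    apart from HTML-encoded reflection (which would show up as &lt;...&gt;)."""
    return f"<xss{secrets.token_hex(4)}>"


def build_probe_url(base: str, canary: str) -> str:
    """URL-encode the canary into the query string, as curl --data-urlencode would."""
    return f"{base}{ENDPOINT}?{urllib.parse.urlencode({PARAM: canary})}"


def classify_reflection(body: str, canary: str) -> str:
    """'raw' if the canary appears unencoded, 'encoded' if only its escaped
    form appears, 'none' otherwise. 'encoded' is safe only for an HTML text
    context; reflection inside a script block or attribute needs a separate check."""
    if canary in body:
        return "raw"
    if html.escape(canary, quote=True) in body or html.escape(canary, quote=False) in body:
        return "encoded"
    return "none"


def http_fetch(url: str, timeout: float = 10.0) -> str:
    """Live fetch for real runs; the offline demonstration uses fake_fetch instead."""
    with urllib.request.urlopen(url, timeout=timeout) as resp:
        return resp.read().decode(resp.headers.get_content_charset() or "utf-8", "replace")


def probe(fetch, base: str = "http://target.example") -> str:
    """Send one canary through `fetch(url) -> body` and classify the reflection."""
    canary = make_canary()
    return classify_reflection(fetch(build_probe_url(base, canary)), canary)


# --- constructed stand-ins so the probe runs offline (NOT the real PHP page) ---
def vulnerable_page(value: str) -> str:
    """Echoes the parameter straight into the HTML, the defect class described."""
    return f"<html><body><h1>Firmware</h1><p>{value}</p></body></html>"


def hardened_page(value: str) -> str:
    """Same page with the value HTML-encoded before output (htmlspecialchars-style)."""
    return f"<html><body><h1>Firmware</h1><p>{html.escape(value, quote=True)}</p></body></html>"


def fake_fetch(handler):
    """Turn a handler(value) -> html function into a fetch(url) -> body function."""
    def fetch(url: str) -> str:
        query = urllib.parse.urlparse(url).query
        value = urllib.parse.parse_qs(query).get(PARAM, [""])[0]
        return handler(value)
    return fetch


# --- access-log triage: decode the request line before matching ---
REQUEST_LINE = re.compile(r'"(?:GET|POST) (?P<path>\S+) HTTP/[\d.]+"')
SUSPICIOUS = re.compile(r"(<script|javascript:|on(?:error|load|mouseover)\s*=)", re.IGNORECASE)

SAMPLE_LOG = [  # constructed lines in Apache/nginx combined format
    '10.0.0.5 - - [11/May/2026:10:01:02 +0000] "GET /dfm-menu_firmware.php?param=abc HTTP/1.1" 200 512',
    '10.0.0.9 - - [11/May/2026:10:01:07 +0000] "GET /dfm-menu_firmware.php?param=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 540',
    '10.0.0.9 - - [11/May/2026:10:01:09 +0000] "GET /index.php?q=%3Cscript%3E HTTP/1.1" 200 100',
]


def suspicious_requests(log_lines) -> list:
    """Return decoded request paths that target ENDPOINT and carry an XSS-looking payload."""
    hits = []
    for line in log_lines:
        m = REQUEST_LINE.search(line)
        if not m:
            continue
        decoded = urllib.parse.unquote_plus(m.group("path"))
        if ENDPOINT in decoded and SUSPICIOUS.search(decoded):
            hits.append(decoded)
    return hits


if __name__ == "__main__":
    print("vulnerable stand-in:", probe(fake_fetch(vulnerable_page)))   # raw
    print("hardened stand-in:  ", probe(fake_fetch(hardened_page)))     # encoded
    for hit in suspicious_requests(SAMPLE_LOG):
        print("suspicious request:", hit)
```

Against a live host, call `probe(http_fetch, "http://<target>")` with the appropriate authentication added to `http_fetch`; the canary approach avoids tripping on pages that legitimately contain the word `script`. A result of `encoded` is only conclusive for reflection in HTML text: if the value lands inside a JavaScript string or an unquoted attribute, encoding alone does not make it safe, which is why a browser-based check should follow any non-`none` result.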
What immediate steps should I take to mitigate this vulnerability?
The vendor has acknowledged the vulnerability and released a fix in November 2025. The immediate step is to apply the vendor-provided patch or update docuForm FSM Server to a release that includes the fix.
If patching is not immediately possible, consider web application firewall (WAF) rules that block or sanitize requests to the vulnerable component containing script payloads. Treat this as a stopgap only: XSS filters in WAFs are routinely bypassed with alternative encodings and event handlers.
Additionally, restrict access to the dfm-menu_firmware.php page to trusted users or internal networks only, if feasible, to reduce exposure.
Because exploitation requires a victim to open a crafted link, warn users of the FSM Server not to follow links to it from e-mails or messages they did not expect, and to log out when they are finished.