ByteOS Network

NVD Vulnerability Details :

CVE-2025-64049

Analyzed

Source-cve@mitre.org

Published At-25 Nov, 2025 | 16:16

Updated At-03 Dec, 2025 | 17:06

A stored cross-site scripting (XSS) vulnerability in the module management component in REDAXO CMS 5.20.0 allows remote users to inject arbitrary web script or HTML via the Output code field in modules. The payload is executed when a user views or edits an article by adding slice that uses the compromised module.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Secondary	3.1	4.8	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Type: Secondary

Version: 3.1

Base score: 4.8

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

CPE Matches

redaxo>>redaxo>>5.20.0

cpe:2.3:a:redaxo:redaxo:5.20.0:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-79	Secondary	134c704f-9b21-4f2e-91b3-4a467353bcc0

CWE ID: CWE-79

Type: Secondary

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

References

Hyperlink	Source	Resource
https://drive.google.com/drive/folders/1SpwL548ZBRYU_uL8W7Riv7VHshr2UN0R?usp=sharing	cve@mitre.org	Exploit
https://github.com/redaxo/redaxo	cve@mitre.org	Product
https://github.com/vettrivel007/CVE-Disclosures/blob/main/CVE-2025-64049.md	cve@mitre.org	Exploit Mitigation Third Party Advisory

Hyperlink: https://drive.google.com/drive/folders/1SpwL548ZBRYU_uL8W7Riv7VHshr2UN0R?usp=sharing

Source: cve@mitre.org

Resource:

Exploit

Hyperlink: https://github.com/redaxo/redaxo

Source: cve@mitre.org

Resource:

Product

Hyperlink: https://github.com/vettrivel007/CVE-Disclosures/blob/main/CVE-2025-64049.md

Source: cve@mitre.org

Resource:

Exploit

Mitigation

Third Party Advisory

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History