CVE-2025-11289

Name: CVE-2025-11289
Creator: NVD / NIST
Published: 2025-10-05T11:16:02.21+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

LOWCVSS 1.9/10EPSS 0.25%

Last modified Jun 17, 2026

CVE-2025-11289 is a low-severity vulnerability rated 1.9/10 on the CVSS scale. A vulnerability was determined in westboy CicadasCMS up to 2431154dac8d0735e04f1fd2a3c3556668fc8dab. The impacted element is the function Save of the file src/main/java/com/zhiliao/common/template/TemplateFileServiceImpl.java of the component Template Management Page. EPSS estimates a 0.25% chance of exploitation in the next 30 days.

Description

A vulnerability was determined in westboy CicadasCMS up to 2431154dac8d0735e04f1fd2a3c3556668fc8dab. The impacted element is the function Save of the file src/main/java/com/zhiliao/common/template/TemplateFileServiceImpl.java of the component Template Management Page. This manipulation causes cross site scripting. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized.

Metrics

CVSS 3.1

5.4/10

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

CVSS 4.0

1.9/10

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

EPSS Probability

0.25%

16.6th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

Vendor	Product	Versions
Westboy	Cicadascms	1.0

References

https://github.com/devastatingglamour/CVE/blob/main/CicadasCMS-XSS4.mdExploit, Third Party Advisory
https://vuldb.com/?ctiid.327170Permissions Required, VDB Entry
https://vuldb.com/?id.327170Third Party Advisory, VDB Entry
https://vuldb.com/?submit.659789Third Party Advisory, VDB Entry
https://vuldb.com/?submit.709804
https://github.com/devastatingglamour/CVE/blob/main/CicadasCMS-XSS4.mdExploit, Third Party Advisory

Timeline

Published: Oct 5, 2025
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2025-11289?

How severe is CVE-2025-11289?

CVE-2025-11289 has a CVSS score of 1.9/10 (LOW severity). The EPSS model estimates a 0.25% probability of exploitation in the next 30 days.

How do I fix CVE-2025-11289?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2025-11289?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST