CVE-2025-15437
CVE-2025-15437 is a low-severity vulnerability rated 2/10 on the CVSS scale. A vulnerability was found in LigeroSmart up to 6.1.24. This affects an unknown part of the component Environment Variable Handler. EPSS estimates a 0.24% chance of exploitation in the next 30 days.
Description
A vulnerability was found in LigeroSmart up to 6.1.24. It affects an unknown part of the Environment Variable Handler component. Manipulating the argument REQUEST_URI results in cross-site scripting. The attack may be initiated remotely. The exploit has been made public and could be used. Upgrading to version 6.1.26 and 6.3 mitigates this issue. The patch is named 264ac5b2be5b3c673ebd8cb862e673f5d300d9a7. The affected component should be upgraded.
Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Ligerosmart | Ligerosmart | <= 6.1.24 |
References
- https://github.com/LigeroSmart/ligerosmart/issues/278 (Issue Tracking)
- https://github.com/LigeroSmart/ligerosmart/issues/278#issuecomment-3675129508 (Exploit, Issue Tracking)
- https://vuldb.com/?ctiid.339364 (Permissions Required, VDB Entry)
- https://vuldb.com/?id.339364 (Third Party Advisory, VDB Entry)
- https://vuldb.com/?submit.729021 (Third Party Advisory, VDB Entry)
Timeline
- Published
- Last Modified
- Status: Analyzed
Source: NVD / NIST
