CVE-2025-0709

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2025-0709
A vulnerability was found in Dcat-Admin 2.2.1-beta. It has been rated as problematic. This issue affects some unknown processing of the file /admin/auth/roles of the component Roles Page. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

4.8 /10

CVSS v3.0 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.7 / Impact : 2.7

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

References
Link Resource
https://github.com/taynes-llllzt/taynes/issues/7 Exploit Third Party Advisory
https://github.com/taynes-llllzt/taynes/issues/7#issue-2792259251 Exploit Third Party Advisory
https://vuldb.com/?ctiid.293237 Permissions Required VDB Entry
https://vuldb.com/?id.293237 Third Party Advisory VDB Entry
https://vuldb.com/?submit.483364 Third Party Advisory VDB Entry
Configurations

Configuration 1 (hide)

cpe:2.3:a:dcatadmin:dcat_admin:2.2.1:beta:*:*:*:*:*:*
History

07 May 2025, 20:03

Type Values Removed Values Added
References () https://github.com/taynes-llllzt/taynes/issues/7#issue-2792259251 - () https://github.com/taynes-llllzt/taynes/issues/7#issue-2792259251 - Exploit, Third Party Advisory
References () https://vuldb.com/?ctiid.293237 - () https://vuldb.com/?ctiid.293237 - Permissions Required, VDB Entry
References () https://vuldb.com/?id.293237 - () https://vuldb.com/?id.293237 - Third Party Advisory, VDB Entry
References () https://github.com/taynes-llllzt/taynes/issues/7 - () https://github.com/taynes-llllzt/taynes/issues/7 - Exploit, Third Party Advisory
References () https://vuldb.com/?submit.483364 - () https://vuldb.com/?submit.483364 - Third Party Advisory, VDB Entry
CPE cpe:2.3:a:dcatadmin:dcat_admin:2.2.1:beta:*:*:*:*:*:*
CVSS v2 : unknown
v3 : 2.4 		v2 : unknown
v3 : 4.8
First Time Dcatadmin dcat Admin
Dcatadmin

24 Jan 2025, 21:15

Type Values Removed Values Added
New CVE
Information

Published : 2025-01-24 21:15

Updated : 2025-05-07 20:03

NVD link : CVE-2025-0709

Mitre link : CVE-2025-0709

JSON object : View

Products Affected

dcatadmin

  • dcat_admin
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CWE-94

Improper Control of Generation of Code ('Code Injection')