Which versions of Ligerosmart are affected by CVE-2025-15437?

CVE-2025-15437 is a low-severity vulnerability in LigeroSmart involving cross-site scripting (CVSS 3.5).. A patch is available.

Is there a public PoC exploit available for CVE-2025-15437?

Yes, a public proof-of-concept exploit is available for CVE-2025-15437. Prioritise patching immediately. EPSS: 0.0%.

How to fix or mitigate CVE-2025-15437?

During next maintenance window: Apply vendor patches when convenient. Verify cross-site scripting controls are in place.

Ligerosmart CVE-2025-15437

Q: What is the CVSS score of CVE-2025-15437?

CVE-2025-15437 has a CVSS 4.0 base score of 2.0 (Low). CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.0%.

LOW

Cross-site Scripting (XSS) (CWE-79)

2026-01-02 cna@vuldb.com

XSS Ligerosmart

2.0

CVSS 4.0 · NVD

Severity by source

NVD PRIMARY

2.0 LOW

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

Scope

Lifecycle Timeline

CVSS changed

Apr 29, 2026 - 01:11 NVD

3.5 (LOW) 2.0 (LOW)

Analysis Generated

Mar 12, 2026 - 21:54 vuln.today

PoC Detected

Feb 27, 2026 - 03:39 vuln.today

Public exploit code

Patch released

Feb 27, 2026 - 03:39 nvd

Patch available

CVE Published

Jan 02, 2026 - 09:15 nvd

LOW 3.5

DescriptionCVE.org

A vulnerability was found in LigeroSmart up to 6.1.24. This affects an unknown part of the component Environment Variable Handler. Performing a manipulation of the argument REQUEST_URI results in cross site scripting. The attack may be initiated remotely. The exploit has been made public and could be used. Upgrading to version 6.1.26 and 6.3 is able to mitigate this issue. The patch is named 264ac5b2be5b3c673ebd8cb862e673f5d300d9a7. The affected component should be upgraded.

AnalysisAI

A vulnerability was found in LigeroSmart up to 6.1.24. This affects an unknown part of the component Environment Variable Handler. [CVSS 3.5 LOW]

Technical ContextAI

Classified as CWE-79 (Cross-site Scripting (XSS)). Affects Ligerosmart. A vulnerability was found in LigeroSmart up to 6.1.24. This affects an unknown part of the component Environment Variable Handler. Performing a manipulation of the argument REQUEST_URI results in cross site scripting. The attack may be initiated remotely. The exploit has been made public and could be used. Upgrading to version 6.1.26 and 6.3 is able to mitigate this issue. The patch is named 264ac5b2be5b3c673ebd8cb862e673f5d300d9a7. The affected component should be upgraded.

RemediationAI

A vendor patch is available — apply it immediately. Implement output encoding and Content Security Policy headers. Restrict network access to the affected service where possible.

CVE-2025-15437 vulnerability details – vuln.today

Back