How to fix CVE-2025-43955?

During next maintenance window: Apply vendor patches when convenient. Monitor vendor channels for updates.

Is Convertigo affected by CVE-2025-43955?

CVE-2025-43955 is a low-severity vulnerability in Convertigo (CVSS 2.2). The limited severity suggests constrained impact, typically requiring specific conditions or local access for exploitation. Apply vendor updates when available as part of routine maintenance.

Convertigo CVE-2025-43955

LOW

Exposed Dangerous Method or Function (CWE-749)

2025-04-20 [email protected]

Information Disclosure Convertigo

2.2

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N

Attack Vector

Local

Attack Complexity

High

Privileges Required

Low

User Interaction

Required

Scope

Unchanged

Confidentiality

None

Integrity

Low

Availability

None

Lifecycle Timeline

Analysis Generated

Mar 28, 2026 - 18:37 vuln.today

PoC Detected

May 13, 2025 - 14:26 vuln.today

Public exploit code

CVE Published

Apr 20, 2025 - 20:15 nvd

LOW 2.2

DescriptionNVD

TwsCachedXPathAPI in Convertigo through 8.3.4 does not restrict the use of commons-jxpath APIs.

AnalysisAI

TwsCachedXPathAPI in Convertigo through 8.3.4 does not restrict the use of commons-jxpath APIs. Rated low severity (CVSS 2.2). Public exploit code available and no vendor patch available.

Technical ContextAI

This vulnerability is classified under CWE-749. TwsCachedXPathAPI in Convertigo through 8.3.4 does not restrict the use of commons-jxpath APIs. Affected products include: Convertigo. Version information: through 8.3.4.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2025-43955 vulnerability details – vuln.today

Back