RISE CRM CVE-2025-60378
HIGHSeverity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Authenticated user injects stored HTML (PR:L); realized phishing impact requires a recipient to view delivered content (UI:R) and is indirect/limited, so C:L/I:L, A:N.
Primary rating from Vendor (mitre).
CVSS VectorVendor: mitre
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Lifecycle Timeline
1DescriptionCVE.org
Stored HTML injection in RISE Ultimate Project Manager & CRM allows authenticated users to inject arbitrary HTML into invoices and messages. Injected content renders in emails, PDFs, and messaging/chat modules sent to clients or team members, enabling phishing, credential theft, and business email compromise. Automated recurring invoices and messaging amplify the risk by distributing malicious content to multiple recipients.
AnalysisAI
Stored HTML/script injection in RISE Ultimate Project Manager & CRM (vendor fairsketch) lets authenticated low-privilege users embed attacker-controlled markup into invoices and messages that later renders in outbound emails, generated PDFs, and the in-app messaging/chat modules delivered to clients and staff. Because injected content is stored server-side and redistributed-amplified by automated recurring invoices-it functions as a persistent phishing and credential-harvesting vector rather than a memory-corruption bug. Publicly available exploit code exists (GitHub PoC), but there is no public exploit identified as actively used in the wild, and the EPSS probability is modest at 1.06% (61st percentile).
Technical ContextAI
The affected product is fairsketch's RISE, a PHP/CodeIgniter-based commercial project management and CRM suite (CPE cpe:2.3:a:fairsketch:rise_ultimate_project_manager). The root cause is CWE-79 (Improper Neutralization of Input During Web Page Generation), meaning user-supplied invoice and message fields are stored without sanitization or output encoding and then interpolated into multiple rendering contexts. The notable characteristic here is multi-sink output: the same tainted data is emitted into HTML emails, server-side PDF generation, and the web chat/messaging UI, so a single injection propagates across several trust boundaries and audiences.
RemediationAI
No vendor-released patch or fixed version is identified at time of analysis, and no vendor advisory URL is provided, so track fairsketch/CodeCanyon release notes for a corrected build and apply it once published. As specific compensating controls: enforce strict server-side sanitization/output encoding on invoice and message fields (allowlist plain text or a minimal safe-HTML subset), which may remove legitimate formatting some users rely on; disable or restrict the automated recurring-invoice and bulk-messaging features that fan out injected content to many recipients, at the cost of manual invoice workflows; and place a WAF or template-level HTML filter in front of the email/PDF generation pipeline, accepting that PDF rendering of rich content may break. Restrict account creation and invoice/message authoring to trusted staff to raise the bar on the required authenticated foothold. Reference for exploitation details: https://github.com/ajansha/CVE-2025-60378.
index.php/team_members/add_team_member in RISE Ultimate Project Manager 2.3 has CSRF for adding authorized users. Rated
FairSketch Rise Ultimate Project Manager & CRM 3.9.4 is vulnerable to Insecure Permissions. Rated medium severity (CVSS
A cross-site scripting (XSS) vulnerability in FairSketch RISE Ultimate Project Manager & CRM 3.9.4 allows an administrat
A vulnerability was found in CodeCanyon RISE Ultimate Project Manager 3.8.2 and classified as problematic. Rated medium
A vulnerability has been found in CodeCanyon RISE Ultimate Project Manager 3.7.0 and classified as critical. Rated mediu
A vulnerability classified as problematic was found in CodeCanyon RISE Ultimate Project Manager 3.5.3. Rated medium seve
In Rise Ultimate Project Manager v1.8, XSS vulnerabilities were found in the My Profile section. Rated medium severity (
In Rise Ultimate Project Manager v1.8, XSS vulnerabilities were found in the Messaging section. Rated medium severity (C
HTML injection vulnerability found in Fairsketch's RISE CRM Framework v3.8.1, which consist of an HTML code injection du
HTML injection vulnerability found in Fairsketch's RISE CRM Framework v3.8.1, which consist of an HTML code injection du
HTML injection vulnerability found in Fairsketch's RISE CRM Framework v3.8.1, which consist of an HTML code injection du
HTML injection vulnerability found in Fairsketch's RISE CRM Framework v3.8.1, which consist of an HTML code injection du
Same weakness CWE-79 – Cross-site Scripting (XSS)
View allShare
External POC / Exploit Code
Leaving vuln.today