Cadclick

1 CVE for this product

CVE-2025-25905 HIGH POC This Week

CVE-2025-25905 is a Reflected Cross-Site Scripting (XSS) vulnerability in CADClick versions 1.13.0 and earlier that allows unauthenticated remote attackers to inject arbitrary HTML and JavaScript through the 'tree' parameter. Successful exploitation requires user interaction (clicking a malicious link) but can lead to session hijacking, credential theft, and defacement. The vulnerability has a CVSS score of 7.1 (high severity) with a moderate attack complexity, indicating it is practically exploitable in real-world scenarios.

XSS, Cadclick
NVD
CVSS 3.1: 7.1
EPSS: 0.1%
