CVE-2025-22917
📋 TL;DR
A reflected cross-site scripting (XSS) vulnerability in Audemium ERP allows attackers to inject malicious JavaScript via the 'type' parameter in list.php. This could lead to session hijacking, data theft, or redirection to malicious sites. Users of Audemium ERP version 0.9.0 and earlier are affected.
💻 Affected Systems
- Audemium ERP
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Attacker steals admin session cookies, gains full system access, exfiltrates sensitive data, or installs malware on user systems.
Likely Case
Attacker steals user session cookies to impersonate legitimate users, potentially accessing sensitive ERP data.
If Mitigated
With proper input validation and output encoding, the attack fails, causing no impact beyond failed exploitation attempts.
🎯 Exploit Status
Exploitation requires tricking a user into clicking a malicious link. No authentication needed.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Unknown
Vendor Advisory: Unknown
Restart Required: No
Instructions:
No official patch available. Consider upgrading if a newer version is released or apply workarounds.
🔧 Temporary Workarounds
Input Validation Filter
Add server-side validation to sanitize the 'type' parameter in list.php, allowing only expected values.
Modify list.php to validate/sanitize input before processing.
Web Application Firewall (WAF) Rule
Deploy a WAF rule to block requests containing JavaScript in the 'type' parameter.
Add WAF rule: Block if request parameter 'type' contains '<script>' or 'javascript:'
🧯 If You Can't Patch
- Implement Content Security Policy (CSP) headers to restrict script execution.
- Use browser security features like HttpOnly and Secure flags for cookies to limit session theft impact.
🔍 How to Verify
Check if Vulnerable:
Test by accessing list.php with a payload like: list.php?type=<script>alert('XSS')</script> and check if script executes.
Check Version:
Check ERP version in admin panel or configuration files; version should be >0.9.0 if patched.
Verify Fix Applied:
After applying fixes, retest with the same payload; script should not execute and input should be sanitized.
📡 Detection & Monitoring
Log Indicators:
- Log entries showing requests to list.php with suspicious 'type' parameter values containing script tags or JavaScript.
Network Indicators:
- HTTP requests with 'type' parameter containing encoded or obfuscated JavaScript payloads.
SIEM Query:
source="web_logs" AND uri="*list.php*" AND (param="*<script>*" OR param="*javascript:*")
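The log and network indicators above call out encoded or obfuscated payloads, which a literal '*<script>*' match against an access log will miss because the server records the URI as sent, percent-encoded. The following detector is an added example, not part of this advisory or of Audemium ERP: it parses constructed combined-format access log lines, isolates the 'type' parameter of list.php requests, percent-decodes it repeatedly, and then applies the indicator patterns. The log lines, IP addresses and payloads are made up for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote_plus
# Request line inside a combined-format access log entry.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (?P<uri>\S+) HTTP/[\d.]+"')

# Script-injection indicators for a value that should be a plain list selector.
XSS_PATTERNS = {
    "script_tag": re.compile(r"<\s*script", re.I),
    "javascript_uri": re.compile(r"javascript\s*:", re.I),
    "event_handler": re.compile(r"\bon[a-z]+\s*=", re.I),
}
def fully_decode(value: str, max_rounds: int = 3) -> str:
    """Undo repeated percent-encoding (%253C -> %3C -> <)."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def classify_type_param(uri: str):
    """Return (decoded_value, reason) if the 'type' param of a list.php request looks injected, else None."""
    parts = urlsplit(uri)
    if not parts.path.endswith("/list.php"):
        return None
    # parse_qs already decodes one layer; fully_decode handles double encoding.
    for raw in parse_qs(parts.query, keep_blank_values=True).get("type", []):
        decoded = fully_decode(raw)
        for reason, pattern in XSS_PATTERNS.items():
            if pattern.search(decoded):
                return decoded, reason
    return None

def find_suspicious_requests(log_lines):
    """Return [(line_no, client_ip, decoded_value, reason)] for flagged lines."""
    hits = []
    for n, line in enumerate(log_lines, 1):
        m = REQUEST_RE.search(line)
        verdict = classify_type_param(m.group("uri")) if m else None
        if verdict:
            hits.append((n, line.split(" ", 1)[0], *verdict))
    return hits
# Constructed sample log lines (combined log format); addresses and payloads are made up.
SAMPLE_LOG = [
    '203.0.113.5 - - [01/Jan/2025:10:00:00 +0000] "GET /list.php?type=customers HTTP/1.1" 200 512',
    '203.0.113.9 - - [01/Jan/2025:10:00:01 +0000] "GET /list.php?type=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 700',
    '203.0.113.9 - - [01/Jan/2025:10:00:02 +0000] "GET /list.php?type=%253Cimg%2520src%253Dx%2520onerror%253Dalert(1)%253E HTTP/1.1" 200 700',
    '198.51.100.2 - - [01/Jan/2025:10:00:03 +0000] "GET /index.php?type=%3Cscript%3E HTTP/1.1" 200 100',
]
```

Running find_suspicious_requests(SAMPLE_LOG) flags the second and third lines (the plain and the double-encoded payload) and ignores the legitimate request and the request to a different script.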