CVE-2025-25908

5.4 MEDIUM

📋 TL;DR

A stored cross-site scripting (XSS) vulnerability in tianti v2.3 allows attackers to inject malicious scripts into the coverImageURL parameter when saving articles. This affects all users of tianti v2.3 who can access the article saving functionality, potentially compromising user sessions and data.

💻 Affected Systems

Products:
  • tianti
Versions: v2.3
Operating Systems: all
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability exists in default configuration when using the article saving functionality.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could steal admin credentials, deface the website, redirect users to malicious sites, or perform actions on behalf of authenticated users.

🟠 Likely Case

Session hijacking, cookie theft, and unauthorized actions performed by authenticated users who view the malicious article.

🟢 If Mitigated

Limited impact with proper input validation and output encoding, potentially only affecting users who directly interact with the malicious content.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires the ability to save articles (typically authenticated access). The linked GitHub issue shows a proof of concept.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: unknown

Vendor Advisory: https://github.com/xujeff/tianti/issues/40

Restart Required: No

Instructions:

No official patch available. Implement input validation and output encoding as workaround.

🔧 Temporary Workarounds

Input Validation and Sanitization (Platform: all)

Implement server-side validation to reject or sanitize malicious input in the coverImageURL parameter.

Content Security Policy (Platform: all)

Implement CSP headers to restrict script execution sources.

🧯 If You Can't Patch

  • Disable article saving functionality if not required
  • Implement WAF rules to block XSS payloads in coverImageURL parameter

🔍 How to Verify

Check if Vulnerable:

Attempt to save an article with a JavaScript payload in the coverImageURL field and check whether it executes when the article is viewed.

Check Version:

Check the tianti version in configuration files or the admin panel.

Verify Fix Applied:

Test the same payload after implementing fixes to confirm it's properly sanitized or blocked.

📡 Detection & Monitoring

Log Indicators:

  • Unusual coverImageURL values containing script tags or JavaScript in article save requests
  • Multiple failed article save attempts with suspicious payloads

Network Indicators:

  • HTTP POST requests to /article/ajax/save with script content in parameters

SIEM Query:

source="web_logs" AND uri="/article/ajax/save" AND (param="coverImageURL" CONTAINS "<script>" OR param="coverImageURL" CONTAINS "javascript:")
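As an added example (not part of this advisory or of tianti), the log indicators and SIEM query above applied to a few constructed request-log lines in Python; the log line format and the form-encoded body are assumptions, only the `/article/ajax/save` path and the `coverImageURL` parameter come from the advisory, and the check goes beyond the literal `<script>` match by also catching percent-encoded, double-encoded and mixed-case variants and non-http(s) URL schemes.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Constructed sample request log lines (not from a real tianti deployment):
# "<method> <path> <url-encoded form body>". Index 0 and 5 are benign.
SAMPLE_LOGS = [
    "POST /article/ajax/save title=Hello&coverImageURL=https%3A%2F%2Fcdn.example.com%2Fa.png",
    "POST /article/ajax/save title=T1&coverImageURL=%3Cscript%3Ealert(1)%3C%2Fscript%3E",
    "POST /article/ajax/save title=T2&coverImageURL=JavaScript%3Aalert(1)",
    "POST /article/ajax/save title=T3&coverImageURL=x%22%20onerror%3Dalert(1)%20",
    "POST /article/ajax/save title=T4&coverImageURL=%253Cscript%253E",  # double-encoded
    "GET /article/list page=1",
]

LINE_RE = re.compile(r"^(?P<method>\S+) (?P<path>\S+)(?: (?P<body>.*))?$")
# Markup with no business in an image URL: script/img/svg/iframe tags, or an inline
# event handler preceded by whitespace or a quote (attribute breakout).
SUSPECT = re.compile(r"<\s*(?:script|img|svg|iframe)|(?:^|[\s\"'])on\w+\s*=", re.IGNORECASE)
ALLOWED_SCHEMES = {"http", "https"}  # an empty scheme (relative path) is also allowed

def deep_unquote(value: str, rounds: int = 3) -> str:
    """Percent-decode repeatedly so double-encoded payloads (%253C) are not missed."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def is_suspicious_cover_url(raw: str) -> bool:
    """True when a coverImageURL value carries markup or a non-http(s) scheme."""
    value = deep_unquote(raw).strip()
    if SUSPECT.search(value):
        return True
    try:
        scheme = urlsplit(value).scheme.lower()
    except ValueError:
        return True  # unparseable URL: flag it rather than silently dropping it
    return bool(scheme) and scheme not in ALLOWED_SCHEMES

def scan_logs(lines):
    """Return (line_index, decoded_value) for each suspicious coverImageURL sent to the save endpoint."""
    hits = []
    for i, line in enumerate(lines):
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST" or m["path"] != "/article/ajax/save":
            continue
        for raw in parse_qs(m["body"] or "").get("coverImageURL", []):
            if is_suspicious_cover_url(raw):
                hits.append((i, deep_unquote(raw)))
    return hits
```

Treat hits as triage signals for the log review described above: the pattern list is a detection heuristic, not a replacement for the server-side validation and output encoding the workaround section calls for.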
