CVE-2025-41106
📋 TL;DR
This CVE describes an HTML injection vulnerability in Fairsketch's RISE CRM Framework v3.8.1. Attackers can inject malicious HTML code via the 'first_name' parameter in POST requests to '/clients/save_contact/', potentially leading to cross-site scripting attacks. Organizations using this specific version of RISE CRM are affected.
💻 Affected Systems
- Fairsketch RISE CRM Framework
⚠️ Risk & Real-World Impact
Worst Case
Full account takeover through session hijacking, credential theft via phishing pages, or complete client data compromise if combined with other vulnerabilities.
Likely Case
Limited defacement, phishing attacks targeting CRM users, or stealing session cookies from authenticated users.
If Mitigated
Minimal impact with proper input validation, output encoding, and Content Security Policy (CSP) headers in place.
🎯 Exploit Status
Requires ability to send POST requests to the vulnerable endpoint, which typically requires some level of access or authentication.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Unknown
Vendor Advisory: https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-fairsketchs-rise-crm-framework
Restart Required: No
Instructions:
1. Monitor the vendor for a patch release.
2. Apply the patch when available.
3. Test in a non-production environment first.
4. Deploy to production.
🔧 Temporary Workarounds
Input Validation Filter
Implement server-side input validation to sanitize HTML tags in the 'first_name' parameter
WAF Rule
Deploy web application firewall rules to block HTML injection patterns in POST parameters
🧯 If You Can't Patch
- Restrict access to '/clients/save_contact/' endpoint to trusted IP addresses only
- Implement Content Security Policy (CSP) headers to mitigate XSS impact
🔍 How to Verify
Check if Vulnerable:
Test by sending a POST request to '/clients/save_contact/' with an HTML payload in the 'first_name' parameter and check whether it is rendered unsanitized
Check Version:
Check the CRM admin panel or configuration files for version information
Verify Fix Applied:
Repeat the vulnerability test after applying the fix; the HTML should be properly encoded or rejected
📡 Detection & Monitoring
Log Indicators:
- Unusual POST requests to '/clients/save_contact/' with HTML tags in parameters
- Multiple failed validation attempts
Network Indicators:
- HTML/script patterns in POST body parameters
- Unusual content-type headers
SIEM Query:
source="web_server" AND uri="/clients/save_contact/" AND (param="first_name" CONTAINS "<" OR param="first_name" CONTAINS ">")
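The log indicators and SIEM query above can be turned into a small detection script. The example below is added here and is not part of the advisory or of RISE CRM; it assumes an application log that records POST parameters as one JSON object per line (the field names and the sample lines are constructed). It goes slightly beyond the query by URL- and HTML-entity-decoding values before matching, checking every parameter rather than only 'first_name', and counting hits per source address for the "multiple attempts" indicator, while ignoring a bare '<' used as a comparison sign.

```python
import html
import json
import re
from collections import Counter
from urllib.parse import unquote_plus

# Constructed sample log lines (one JSON object per line). The format and
# field names are an assumption about what an application audit log records.
SAMPLE_LOGS = """\
{"src_ip":"198.51.100.7","method":"POST","uri":"/clients/save_contact/","params":{"first_name":"Alice","last_name":"Smith"}}
{"src_ip":"203.0.113.9","method":"POST","uri":"/clients/save_contact/","params":{"first_name":"<script>alert(1)</script>","last_name":"X"}}
{"src_ip":"203.0.113.9","method":"POST","uri":"/clients/save_contact/","params":{"first_name":"%3Cimg%20src%3Dx%3E","last_name":"X"}}
{"src_ip":"203.0.113.9","method":"POST","uri":"/clients/save_contact/","params":{"first_name":"&lt;b&gt;bold&lt;/b&gt;","last_name":"X"}}
{"src_ip":"198.51.100.7","method":"POST","uri":"/clients/save_contact/","params":{"first_name":"Bob","note":"budget < 500"}}
{"src_ip":"198.51.100.7","method":"GET","uri":"/clients/view/","params":{}}
"""

ENDPOINT = "/clients/save_contact/"
# '<' followed by a letter, '/' or '!' opens an HTML tag or comment; a bare
# '<' before a digit or space (e.g. "budget < 500") is not flagged.
TAG_RE = re.compile(r"<\s*[/!a-zA-Z]")


def normalize(value: str) -> str:
    """Undo URL encoding (twice, for double-encoded input) and HTML entities."""
    for _ in range(2):
        value = unquote_plus(value)
    return html.unescape(value)


def find_html_injection(log_text: str):
    """Return (alerts, hits_per_source) for POSTs to the endpoint carrying HTML."""
    alerts = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        event = json.loads(line)
        if event.get("method") != "POST" or event.get("uri") != ENDPOINT:
            continue
        for name, raw in event.get("params", {}).items():
            if TAG_RE.search(normalize(str(raw))):
                alerts.append({"src_ip": event["src_ip"], "param": name, "raw": raw})
    # Repeated hits from one source correspond to the "multiple attempts" indicator.
    return alerts, Counter(a["src_ip"] for a in alerts)


if __name__ == "__main__":
    found, per_source = find_html_injection(SAMPLE_LOGS)
    for a in found:
        print(f"{a['src_ip']} param={a['param']} value={a['raw']!r}")
    print("hits per source:", dict(per_source))
```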