CVE-2025-51502

6.1 MEDIUM

📋 TL;DR

This vulnerability allows attackers to inject malicious JavaScript via the layout parameter of the admin page creation interface in Microweber CMS. When exploited, it enables arbitrary JavaScript execution in the browser session of authenticated admin users, potentially compromising the entire CMS installation. Only Microweber CMS 2.0 installations whose admin panel is reachable are affected.

💻 Affected Systems

Products:
  • Microweber CMS
Versions: 2.0
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects installations where the admin panel is accessible and the /admin/page/create endpoint exists.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attacker gains full administrative control over the CMS, can deface websites, steal sensitive data, install backdoors, or pivot to other systems in the network.

🟠 Likely Case

Attacker hijacks admin sessions to modify content, steal credentials, or perform limited administrative actions within the CMS.

🟢 If Mitigated

With proper input validation and output encoding, the attack is prevented, though the vulnerable parameter remains accessible.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires admin authentication but is straightforward once access is obtained. Proof of concept is available in public repositories.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2.0.1 or later

Vendor Advisory: https://github.com/microweber/microweber/security/advisories

Restart Required: No

Instructions:

1. Back up your Microweber installation.
2. Update to Microweber CMS version 2.0.1 or later via the admin panel or manual download.
3. Verify the update completed successfully.

🔧 Temporary Workarounds

Input Validation Filter

all

Add server-side handling that HTML-encodes the layout parameter before it is reflected into the page.

Modify the relevant PHP file to include: $layout = htmlspecialchars($_GET['layout'], ENT_QUOTES, 'UTF-8');

Web Application Firewall Rule

all

Block malicious requests containing script tags in the layout parameter.

Add WAF rule: Block requests where the layout parameter contains <script> or javascript: patterns.

🧯 If You Can't Patch

  • Restrict admin panel access to trusted IP addresses only using .htaccess or firewall rules.
  • Implement Content Security Policy (CSP) headers to prevent inline script execution.

🔍 How to Verify

Check if Vulnerable:

Access /admin/page/create?layout=<script>alert('XSS')</script> as admin and check if script executes.

Check Version:

Check the admin panel dashboard or view the version.php file in the installation root.

Verify Fix Applied:

After patching, test the same payload; it should be properly encoded and not execute.

📡 Detection & Monitoring

Log Indicators:

  • HTTP requests to /admin/page/create with suspicious layout parameter values containing script tags or encoded payloads

Network Indicators:

  • Unusual POST/GET requests to admin endpoints with JavaScript in parameters

SIEM Query:

source="web_logs" AND uri_path="/admin/page/create" AND (layout="*<script>*" OR layout="*javascript:*")
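The SIEM query above matches the literal strings `<script>` and `javascript:`, which only works if the logging pipeline has already URL-decoded the query string; in raw access logs the payload arrives percent-encoded (sometimes twice). The following added example, not part of the original advisory, applies the same detection logic to raw combined-format log lines (constructed samples, not real traffic) and decodes the layout value before matching, so single- and double-encoded payloads against /admin/page/create are both caught.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Constructed sample access-log lines (combined log format); not real traffic.
SAMPLE_LOGS = [
    '10.0.0.5 - - [01/Jul/2025:12:00:01 +0000] "GET /admin/page/create?layout=default HTTP/1.1" 200 512',
    '10.0.0.9 - - [01/Jul/2025:12:00:02 +0000] "GET /admin/page/create?layout=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 512',
    '10.0.0.9 - - [01/Jul/2025:12:00:03 +0000] "GET /admin/page/create?layout=%253Cscript%253E HTTP/1.1" 200 512',
    '10.0.0.7 - - [01/Jul/2025:12:00:04 +0000] "GET /admin/page/create?layout=javascript%3Aalert(1) HTTP/1.1" 200 512',
    '10.0.0.3 - - [01/Jul/2025:12:00:05 +0000] "GET /index.php?layout=%3Cscript%3E HTTP/1.1" 200 512',
]

# Pull method and request target out of the quoted request line.
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')
# Same indicators as the SIEM query, plus inline event handlers; case-insensitive.
SUSPICIOUS_RE = re.compile(r'<\s*script|javascript\s*:|on\w+\s*=', re.IGNORECASE)
VULNERABLE_PATH = '/admin/page/create'


def fully_decode(value, rounds=3):
    """Undo repeated percent-encoding so double-encoded payloads are caught."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def suspicious_layout(line):
    """Return the decoded layout value when the request hits the vulnerable
    endpoint with a script-like payload, otherwise None."""
    m = REQUEST_RE.search(line)
    if not m:
        return None
    parts = urlsplit(m.group('target'))
    if parts.path != VULNERABLE_PATH:
        return None
    # parse_qs already decodes one layer; fully_decode handles the rest.
    for value in parse_qs(parts.query, keep_blank_values=True).get('layout', []):
        decoded = fully_decode(value)
        if SUSPICIOUS_RE.search(decoded):
            return decoded
    return None


def scan(lines):
    """Return (line_index, decoded_payload) for every suspicious request."""
    hits = []
    for idx, line in enumerate(lines):
        payload = suspicious_layout(line)
        if payload is not None:
            hits.append((idx, payload))
    return hits


if __name__ == '__main__':
    for idx, payload in scan(SAMPLE_LOGS):
        print(f'line {idx}: {payload}')
```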
