CVE-2025-54175

6.1 MEDIUM

📋 TL;DR

QuickCMS.EXT is vulnerable to reflected cross-site scripting (XSS) in the thumbnail viewer functionality via the sFileName parameter. Attackers can craft malicious URLs that execute arbitrary JavaScript in victims' browsers when visited. All users running vulnerable versions of QuickCMS.EXT are affected.

💻 Affected Systems

Products:
  • QuickCMS.EXT
Versions: Version 6.8 confirmed vulnerable, other versions potentially vulnerable
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Only version 6.8 was tested; vendor did not provide vulnerable version range details.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete account takeover, session hijacking, credential theft, and malware distribution to users accessing the malicious URL.

🟠 Likely Case

Session hijacking, credential theft from logged-in administrators, and defacement of the CMS interface.

🟢 If Mitigated

Limited impact with proper input validation, output encoding, and Content Security Policy (CSP) headers in place.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires victim to click a malicious link; no authentication needed.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: UNKNOWN

Vendor Advisory: https://opensolution.org/professional-cms-system-quick-cms-ext.html

Restart Required: No

Instructions:

No official patch available. Consider workarounds or alternative CMS solutions.

🔧 Temporary Workarounds

Input Validation and Output Encoding

Platform: all

Implement server-side validation and HTML encoding for the sFileName parameter.

Content Security Policy (CSP)

Platform: all

Deploy a strict CSP header to block inline script execution and restrict script sources.

Content-Security-Policy: default-src 'self'; script-src 'self'

🧯 If You Can't Patch

  • Implement Web Application Firewall (WAF) rules to block XSS payloads in URL parameters.
  • Disable or restrict access to the thumbnail viewer functionality if not essential.

🔍 How to Verify

Check if Vulnerable:

Test by injecting a simple XSS payload into the sFileName parameter and checking if it executes.

Check Version:

Check CMS admin panel or configuration files for version information.

Verify Fix Applied:

Verify that XSS payloads are properly sanitized or blocked and do not execute in the browser.

📡 Detection & Monitoring

Log Indicators:

  • Unusual or malicious strings in URL parameters, especially sFileName.

Network Indicators:

  • HTTP requests with suspicious script tags or JavaScript in URL parameters.

SIEM Query:

source="web_logs" AND (url="*sFileName=*<script>*" OR url="*sFileName=*javascript:*")
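
The query above matches only the literal strings `<script>` and `javascript:`, so percent-encoded or mixed-case values pass it. The following Python detection sketch is an added example, not code from the advisory or the vendor: it decodes sFileName from access-log lines and flags any value outside a file-name allowlist. The log format, the sample lines, the placeholder request path and the allowed character set are all assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Assumption: a thumbnail file name needs only these characters.
SAFE_NAME = re.compile(r"^[A-Za-z0-9._/-]+$")
# Request line as written in common/combined access-log format.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
MAX_DECODE_ROUNDS = 3  # also catches double and triple percent-encoding


def fully_decode(value):
    """Percent-decode repeatedly until the value stops changing."""
    for _ in range(MAX_DECODE_ROUNDS):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def suspicious_sfilename(log_line):
    """Return the decoded sFileName if it violates SAFE_NAME, else None."""
    match = REQUEST.search(log_line)
    if not match:
        return None
    query = urlsplit(match.group(1)).query
    for key, value in parse_qsl(query, keep_blank_values=True):
        if key.lower() == "sfilename":
            decoded = fully_decode(value)
            if not SAFE_NAME.match(decoded):
                return decoded
    return None


def scan(lines):
    """Return the decoded suspicious values found in the given log lines."""
    return [hit for hit in map(suspicious_sfilename, lines) if hit is not None]


# Constructed sample lines; /PLACEHOLDER stands in for the real viewer path.
SAMPLE_LOG = [
    '203.0.113.5 - - [01/Jan/2025:10:00:00 +0000] "GET /PLACEHOLDER?sFileName=files/photo_1.jpg HTTP/1.1" 200 512',
    '203.0.113.9 - - [01/Jan/2025:10:00:05 +0000] "GET /PLACEHOLDER?sFileName=%3CScRiPt%3Ex%3C/script%3E HTTP/1.1" 200 733',
    '203.0.113.9 - - [01/Jan/2025:10:00:09 +0000] "GET /PLACEHOLDER?sFileName=%253Cscript%253E HTTP/1.1" 200 733',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print("suspicious sFileName:", hit)
```

The second and third sample lines are flagged here even though neither contains the literal `<script>` that the wildcard query looks for.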
