CVE-2025-57692

6.8 MEDIUM

📋 TL;DR

PiranhaCMS 12.0 contains a stored cross-site scripting (XSS) vulnerability in the Text content block editor. Attackers can inject malicious JavaScript that executes in other users' browsers when they view affected pages. This affects all PiranhaCMS 12.0 installations using Standard or Standard Archive pages.

💻 Affected Systems

Products:
  • PiranhaCMS
Versions: 12.0
Operating Systems: all
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects Standard and Standard Archive page types with Text content blocks. Requires attacker to have access to /manager/pages editor.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could steal administrator session cookies, perform actions as authenticated users, deface websites, or redirect users to malicious sites.

🟠 Likely Case

Attackers with editor access inject malicious scripts that execute when other users view pages, potentially stealing session data or performing limited unauthorized actions.

🟢 If Mitigated

With proper input validation and output encoding, malicious scripts are neutralized before reaching user browsers.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires authenticated access to the page editor. Exploitation involves injecting JavaScript into Text content blocks.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: v12.0.1 or later

Vendor Advisory: https://github.com/PiranhaCMS/piranha.core/releases/tag/v12.0

Restart Required: No

Instructions:

1. Back up your PiranhaCMS installation.
2. Update to v12.0.1 or later via package manager or manual download.
3. Verify the update completed successfully.

🔧 Temporary Workarounds

Input Validation Filter

all

Implement server-side input validation to sanitize HTML/JavaScript in Text content blocks

Content Security Policy

all

Implement strict CSP headers to restrict script execution

🧯 If You Can't Patch

  • Restrict editor access to trusted users only
  • Implement web application firewall rules to block XSS payloads

🔍 How to Verify

Check if Vulnerable:

Check if running PiranhaCMS version 12.0. Review Text content blocks for suspicious JavaScript.

Check Version:

Check PiranhaCMS admin panel or package manager for version information

Verify Fix Applied:

Confirm version is 12.0.1 or later. Test Text content block for XSS by attempting to inject basic script tags.

📡 Detection & Monitoring

Log Indicators:

  • Unusual content edits in Text blocks
  • Multiple failed XSS attempts in logs

Network Indicators:

  • Unexpected JavaScript execution in page responses

SIEM Query:

Search for patterns like <script> or javascript: in page edit logs
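One way to run the review of stored Text blocks and the pattern search described above, as an added example (not PiranhaCMS code and not part of the advisory). It parses each block body instead of string-matching, so escaped text such as `&lt;script&gt;` is not flagged while event-handler attributes and script URLs are. It assumes block bodies have been exported as (id, HTML) pairs; `BlockAuditor`, `audit_blocks`, `SAMPLE_BLOCKS` and the sample data are constructed for illustration.

```python
from html.parser import HTMLParser

# Active elements, URL-valued attributes and script-capable schemes to flag.
ACTIVE_TAGS = {"script", "iframe", "object", "embed"}
URL_ATTRS = {"href", "src", "action", "formaction", "xlink:href"}
BAD_SCHEMES = ("javascript:", "vbscript:", "data:text/html")

class BlockAuditor(HTMLParser):
    # Collects script-capable constructs found in one block body.
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag in ACTIVE_TAGS:
            self.findings.append(f"<{tag}> element")
        for name, value in attrs:
            # Browsers ignore whitespace and case in the URL scheme.
            v = "".join(c for c in (value or "") if c > " ").lower()
            if name.startswith("on"):
                self.findings.append(f"event handler {name} on <{tag}>")
            elif name in URL_ATTRS and v.startswith(BAD_SCHEMES):
                self.findings.append(f"script URL in {name} on <{tag}>")

def audit_blocks(blocks):
    """Return {block_id: [findings]} for bodies containing active content."""
    report = {}
    for block_id, body in blocks:
        auditor = BlockAuditor()
        auditor.feed(body)
        auditor.close()
        if auditor.findings:
            report[block_id] = auditor.findings
    return report

# Constructed sample export: (block id, stored HTML body).
SAMPLE_BLOCKS = [
    ("blk-1", "<p>Welcome to <strong>our</strong> site.</p>"),
    ("blk-2", "<p>News</p><script>/* placeholder */</script>"),
    ("blk-3", '<img src="logo.png" onerror="/* placeholder */">'),
    ("blk-4", '<a href=" JavaScript:void(0)">more</a>'),
    ("blk-5", "<p>Use &lt;script&gt; tags carefully.</p>"),
]

if __name__ == "__main__":
    for block_id, findings in audit_blocks(SAMPLE_BLOCKS).items():
        print(block_id, "->", "; ".join(findings))
```

Any block this reports on a site that ran 12.0 should be traced back to the account and time of the edit before it is cleaned.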
