CVE-2025-61623

6.5 MEDIUM

📋 TL;DR

This CVE describes a reflected cross-site scripting (XSS) vulnerability in Apache OFBiz that allows attackers to inject malicious scripts into web pages. The vulnerability affects users of Apache OFBiz versions before 24.09.03. When exploited, it can enable session hijacking, credential theft, or redirection to malicious sites.

💻 Affected Systems

Products:
  • Apache OFBiz
Versions: All versions before 24.09.03
Operating Systems: All platforms running Apache OFBiz
Default Config Vulnerable: ⚠️ Yes
Notes: The vulnerability exists in the web interface components of Apache OFBiz and affects all deployments using vulnerable versions.


⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could steal administrator credentials, hijack user sessions, redirect users to phishing sites, or perform actions on behalf of authenticated users.

🟠 Likely Case

Attackers would typically use this to steal session cookies or credentials from users who click malicious links, potentially leading to account compromise.

🟢 If Mitigated

With proper input validation and output encoding, the impact would be limited to unsuccessful injection attempts that are blocked by security controls.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Reflected XSS typically requires user interaction (clicking a malicious link) but is straightforward to exploit once the vulnerable parameter is identified.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 24.09.03

Vendor Advisory: https://ofbiz.apache.org/security.html

Restart Required: Yes

Instructions:

1. Download Apache OFBiz 24.09.03 from https://ofbiz.apache.org/download.html
2. Backup your current installation and configuration
3. Stop the OFBiz service
4. Replace with the new version
5. Restart the OFBiz service
6. Verify the upgrade using the verification steps below

🔧 Temporary Workarounds

Web Application Firewall (WAF) Rules (applies to: all)

Implement WAF rules to block XSS payloads in URL parameters

Input Validation Filter (applies to: all)

Add custom input validation to sanitize user inputs in OFBiz

🧯 If You Can't Patch

  • Implement a Web Application Firewall (WAF) with XSS protection rules
  • Educate users about phishing risks and not clicking untrusted links

🔍 How to Verify

Check if Vulnerable:

Check the OFBiz version number in the admin interface or by examining the installation directory

Check Version:

Check the release-notes-24.09.03.html file or the admin dashboard version display

Verify Fix Applied:

After upgrading, verify the version shows 24.09.03 or later and test the previously vulnerable endpoints with XSS payloads

📡 Detection & Monitoring

Log Indicators:

  • Unusual URL parameters containing script tags or JavaScript code
  • Multiple failed XSS attempts in web server logs
  • Requests with suspicious characters like <, >, ", ' in URL parameters

Network Indicators:

  • HTTP requests containing script tags or JavaScript in URL parameters
  • Traffic patterns showing users being redirected to suspicious domains

SIEM Query:

source="ofbiz-logs" AND (url="*<script*" OR url="*javascript:*" OR url="*onerror=*" OR url="*onload=*")
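The log indicators and SIEM query above match literal substrings, but a reflected payload almost always arrives percent-encoded in the URL, so a log-side check should decode the request target before matching and should count repeated hits per client. The following is an added example, not part of this advisory or of Apache OFBiz; the log lines, paths and parameter names are constructed placeholders (the advisory does not name the vulnerable endpoint), and the matched substrings are exactly the ones in the SIEM query above.

```python
import re
from collections import Counter
from urllib.parse import unquote

# Substrings from the advisory's SIEM query, compared case-insensitively.
INDICATORS = ("<script", "javascript:", "onerror=", "onload=")

# Constructed sample lines in combined log format. Paths and parameter names
# are placeholders, not the real OFBiz endpoint (which the advisory does not name).
SAMPLE_LOG = """\
10.0.0.5 - - [10/Oct/2025:12:00:01 +0000] "GET /example-app/control/main HTTP/1.1" 200 5123
10.0.0.7 - - [10/Oct/2025:12:00:02 +0000] "GET /example-app/control/find?q=%3Cscript%3E HTTP/1.1" 200 4410
10.0.0.9 - - [10/Oct/2025:12:00:03 +0000] "GET /example-app/control/find?q=%25253Cscript%253E HTTP/1.1" 200 4410
10.0.0.9 - - [10/Oct/2025:12:00:04 +0000] "GET /example-app/control/view?id=%22onerror%3D HTTP/1.1" 200 900
10.0.0.11 - - [10/Oct/2025:12:00:05 +0000] "GET /example-app/control/view?url=JAVASCRIPT:void HTTP/1.1" 200 900
"""

# client IP, then the request target out of the quoted request line
REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/')


def decode_fully(value, max_rounds=3):
    """Percent-decode repeatedly (bounded) so double-encoded payloads are normalised."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def find_xss_indicators(log_text, decode=True):
    """Return (line_no, client_ip, url, matched) per flagged request.

    decode=False behaves like the literal SIEM query and misses encoded payloads."""
    hits = []
    for line_no, line in enumerate(log_text.splitlines(), 1):
        m = REQUEST_RE.match(line)
        if not m:
            continue
        client_ip, url = m.groups()
        haystack = (decode_fully(url) if decode else url).lower()
        matched = [ind for ind in INDICATORS if ind in haystack]
        if matched:
            hits.append((line_no, client_ip, url, matched))
    return hits


def repeat_offenders(log_text, threshold=2):
    """Clients with at least `threshold` flagged requests (the 'multiple attempts' indicator)."""
    counts = Counter(hit[1] for hit in find_xss_indicators(log_text))
    return {ip: n for ip, n in counts.items() if n >= threshold}
```

Run against the sample, the decoding matcher flags four requests while the literal matcher flags only the one that was not encoded.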
