CVE-2025-62297

5.4 MEDIUM

📋 TL;DR

The SOPlanning web application is vulnerable to stored cross-site scripting (XSS) in the /projets endpoint. An attacker with medium privileges (the ability to edit projects) can inject HTML and JavaScript that executes in the browser of any other user who views the compromised project pages. All SOPlanning installations below version 1.55 are affected.

💻 Affected Systems

Products:
  • SOPlanning
Versions: All versions before 1.55
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Requires attacker to have medium privileges (ability to edit projects).

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attacker steals session cookies, performs account takeover, redirects users to malicious sites, or performs actions on behalf of authenticated users.

🟠 Likely Case

Attacker defaces project pages, steals session data from users viewing compromised pages, or performs limited client-side attacks.

🟢 If Mitigated

With proper input validation and output encoding, malicious scripts are rendered harmless as text rather than executable code.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires authenticated access with project editing permissions. XSS payloads are well-documented and easy to craft.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.55

Vendor Advisory: https://www.soplanning.org/en/

Restart Required: Yes

Instructions:

1. Back up the current SOPlanning installation and database.
2. Download version 1.55 from the official website.
3. Replace the existing files with the new version.
4. Restart the web server.
5. Verify functionality.

🔧 Temporary Workarounds

Input Validation Filter (all)

Implement server-side input validation that sanitizes HTML/JS in project data.

Modify the /projets endpoint code so that user-supplied project data is HTML-entity-encoded before it is rendered; this is what makes injected markup display as text instead of executing.

Content Security Policy (all)

Implement CSP headers to restrict script execution.

Add the HTTP response header "Content-Security-Policy: script-src 'self'". Note that this policy also blocks the application's own inline scripts, so test the interface before deploying it.

🧯 If You Can't Patch

  • Restrict project editing permissions to trusted administrators only
  • Implement web application firewall (WAF) rules to block XSS payloads

🔍 How to Verify

Check if Vulnerable:

Check SOPlanning version in admin panel or by examining source files. If version < 1.55, system is vulnerable.

Check Version:

Check admin dashboard or examine version.txt in installation directory

Verify Fix Applied:

After upgrading to 1.55, test XSS payload injection in project fields: the scripts should be rendered as text, not executed.

📡 Detection & Monitoring

Log Indicators:

  • Unusual project edits by medium-privilege users
  • HTML/JS patterns in project data fields

Network Indicators:

  • HTTP POST requests to /projets with script tags or JavaScript code

SIEM Query:

source="web_logs" AND uri="/projets" AND (method="POST" OR method="PUT") AND (content CONTAINS "<script>" OR content CONTAINS "javascript:")
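The SIEM query above, as an added example (not from the advisory or the SOPlanning project) written in Python so it can be run over constructed log lines: it applies the same /projets + POST/PUT + script-marker test, and additionally matches case-insensitively and URL-decodes the body, which a literal "<script>" match in the query would miss. The key="value" log layout and the field names are assumptions made for this example.

```python
import re
from urllib.parse import unquote_plus

# Field names (uri, method, content) mirror the SIEM query above; the
# key="value" line layout is constructed for this example, not SOPlanning's.
FIELD_RE = re.compile(r'(\w+)="([^"]*)"')
# Case-insensitive markers, so "<SCRIPT>" and "JavaScript:" are caught too.
XSS_MARKERS = re.compile(r"<\s*script|javascript\s*:", re.IGNORECASE)

# Constructed log lines: one benign edit, a GET, two injection attempts
# (URL-encoded, mixed case), and a matching payload on an unrelated endpoint.
SAMPLE_LOGS = [
    'uri="/projets" method="POST" content="nom=Sprint+planning&desc=Q3+roadmap"',
    'uri="/projets" method="POST" content="nom=%3CSCRIPT%3Ealert(1)%3C%2Fscript%3E"',
    'uri="/projets" method="GET" content=""',
    'uri="/projets" method="PUT" content="lien=JavaScript%3Aalert(1)"',
    'uri="/login" method="POST" content="user=%3Cscript%3E"',
]

def parse_line(line: str) -> dict:
    """Split a key="value" log line into a dict of fields."""
    return dict(FIELD_RE.findall(line))

def normalize(body: str) -> str:
    """Undo up to two layers of URL encoding so that %3Cscript%3E and
    %253Cscript%253E both become <script> before matching."""
    for _ in range(2):
        decoded = unquote_plus(body)
        if decoded == body:
            break
        body = decoded
    return body

def is_suspicious(entry: dict) -> bool:
    """Same logic as the SIEM query: a POST/PUT to /projets whose body
    carries a script tag or a javascript: URL once decoded."""
    path = entry.get("uri", "").split("?", 1)[0]
    if path != "/projets":
        return False
    if entry.get("method", "").upper() not in ("POST", "PUT"):
        return False
    return XSS_MARKERS.search(normalize(entry.get("content", ""))) is not None

def flag_suspicious(lines: list) -> list:
    """Return the parsed entries that should raise an alert."""
    return [e for e in map(parse_line, lines) if is_suspicious(e)]

if __name__ == "__main__":
    for hit in flag_suspicious(SAMPLE_LOGS):
        print(hit["method"], hit["uri"], normalize(hit["content"]))
```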
