CVE-2025-63725

6.1 MEDIUM

📋 TL;DR

This reflected XSS vulnerability in SVX Portal 2.7A allows attackers to inject malicious scripts via the id parameter in Recivers.php. When exploited, these scripts execute in victims' browsers, potentially stealing session cookies, redirecting users, or performing actions on their behalf. Organizations running SVX Portal 2.7A are affected.

💻 Affected Systems

Products:
  • SVX Portal
Versions: 2.7A
Operating Systems: Any OS running SVX Portal
Default Config Vulnerable: ⚠️ Yes
Notes: The vulnerability exists in the default installation; exploitation requires web access to the Recivers.php endpoint.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers steal administrator session cookies, gain full administrative access to the portal, and potentially compromise the entire system or pivot to internal networks.

🟠 Likely Case

Attackers steal user session cookies to hijack accounts, redirect users to phishing sites, or deface the portal interface.

🟢 If Mitigated

Script execution is blocked by modern browser XSS protections or CSP headers, limiting impact to minor UI disruption.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires user interaction (the victim must click a malicious link), but such a link is trivial to craft.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: None found

Restart Required: No

Instructions:

No official patch available. Implement workarounds or upgrade to a newer version if available.

🔧 Temporary Workarounds

Input Validation and Sanitization

all

Add server-side validation to sanitize the id parameter in Recivers.php

Edit Recivers.php to add: $id = htmlspecialchars($_GET['id'], ENT_QUOTES, 'UTF-8');

Web Application Firewall (WAF) Rules

all

Block malicious XSS payloads in the id parameter

Add WAF rule: Block requests with <script>, javascript:, or on* attributes in id parameter

🧯 If You Can't Patch

  • Implement Content Security Policy (CSP) headers to restrict script execution
  • Restrict access to Recivers.php endpoint via network ACLs or authentication

🔍 How to Verify

Check if Vulnerable:

Test by accessing Recivers.php?id=<script>alert('XSS')</script> and checking if script executes

Check Version:

Check SVX Portal version in admin interface or configuration files

Verify Fix Applied:

Test same payload after fixes; script should not execute and should be properly encoded

📡 Detection & Monitoring

Log Indicators:

  • HTTP requests to Recivers.php with suspicious id parameter values containing script tags or JavaScript

Network Indicators:

  • Unusual outbound connections from portal server after XSS exploitation

SIEM Query:

source="web_logs" AND uri="/Recivers.php" AND (query CONTAINS "<script>" OR query CONTAINS "javascript:")
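
The query above matches literal strings only, while access logs usually record the id value percent-encoded, sometimes more than once. The following is an added example, not code from the advisory or from the SVX Portal project: it decodes the id parameter before applying the markers named above (script tags, javascript:, on* attributes). It assumes common/combined-format access logs; the function names and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote_plus

# Request line inside a common/combined-format access log entry (assumed format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Markers named in the advisory: script tags, javascript: URIs, on* handlers.
MARKER_RE = re.compile(r'<\s*script|javascript\s*:|\bon\w+\s*=', re.IGNORECASE)

def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded values are normalised."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_id(log_line):
    """Return the decoded id if the line is a flagged Recivers.php request, else None."""
    m = REQUEST_RE.search(log_line)
    if not m:
        return None
    url = urlsplit(m.group(1))
    if not url.path.lower().endswith("/recivers.php"):
        return None
    # parse_qs does the first decode; fully_decode handles any further layers.
    for raw in parse_qs(url.query, keep_blank_values=True).get("id", []):
        value = fully_decode(raw)
        if MARKER_RE.search(value):
            return value
    return None

def scan(lines):
    """Return (line index, decoded id) for every flagged line."""
    return [(i, hit) for i, line in enumerate(lines) if (hit := suspicious_id(line))]

# Constructed sample log lines (documentation IP range), not real traffic.
SAMPLE_LOG = [
    '203.0.113.5 - - [01/Jan/2025:10:00:00 +0000] "GET /Recivers.php?id=12 HTTP/1.1" 200 512',
    '203.0.113.9 - - [01/Jan/2025:10:00:05 +0000] "GET /Recivers.php?id=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 530',
    '203.0.113.9 - - [01/Jan/2025:10:00:09 +0000] "GET /Recivers.php?id=%253Cimg%2520src%253Dx%2520onerror%253Dalert(1)%253E HTTP/1.1" 200 541',
    '203.0.113.7 - - [01/Jan/2025:10:00:12 +0000] "GET /index.php?id=%3Cscript%3E HTTP/1.1" 200 100',
    '203.0.113.9 - - [01/Jan/2025:10:00:15 +0000] "GET /recivers.php?id=JaVaScRiPt:alert(1) HTTP/1.1" 200 520',
]

if __name__ == "__main__":
    for idx, value in scan(SAMPLE_LOG):
        print(f"line {idx}: id={value!r}")
```

Lines 1, 2 and 4 of the sample are flagged; a literal match on "<script>" would catch none of them, because the first two are encoded in the log and the third contains no script tag.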
