CVE-2025-65233

6.1 MEDIUM

📋 TL;DR

This reflected cross-site scripting (XSS) vulnerability in SLiMS lets an attacker inject JavaScript through a crafted URL: extra path data (PATH_INFO) sent by the client becomes part of $_SERVER['PHP_SELF'], which sysconfig.inc.php writes into the page without encoding. A victim who opens such a link runs the attacker's script in their own SLiMS session, which can expose session cookies, redirect the user, or perform actions on their behalf. All SLiMS installations before version 9.6.0 are affected.

💻 Affected Systems

Products:
  • SLiMS (Senayan Library Management System)
Versions: All versions before 9.6.0
Operating Systems: All operating systems running PHP
Default Config Vulnerable: ⚠️ Yes
Notes: sysconfig.inc.php echoes $_SERVER['PHP_SELF'] into its HTML output without encoding. PHP_SELF is not a request parameter but the script path plus any extra path segment (PATH_INFO) supplied by the client, so its value is attacker-controlled.

📦 What is this software?

SLiMS (Senayan Library Management System) is an open-source, PHP-based web application for library cataloguing, circulation and public catalogue (OPAC) search.
⚠️ Risk & Real-World Impact

🔴

Worst Case

An administrator opens a crafted link while logged in. If the session cookie is not marked HttpOnly, the script exfiltrates it and the attacker takes over the admin session directly; even with HttpOnly set, the script can still drive the administrative interface from the victim's browser. Either way the attacker gains full administrative control of SLiMS and its data.

🟠

Likely Case

A regular user opens a crafted link; the attacker's script acts with that user's session, reading library records the user can see or submitting requests on their behalf (and stealing the session cookie where it is not HttpOnly).

🟢

If Mitigated

With the reflected value encoded for its HTML output context (or PHP_SELF no longer used at all), the injected quote and handler are rendered as literal text and no script runs.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

As a reflected XSS, exploitation needs victim interaction (the target must open an attacker-supplied link), but crafting the link is technically trivial and needs no account.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 9.6.0

Vendor Advisory (GitHub issue): https://github.com/slims/slims9_bulian/issues/185

Restart Required: No, unless PHP's opcache has opcache.validate_timestamps disabled, in which case reload PHP-FPM or the web server so the patched file is picked up.

Instructions:

1. Back up your SLiMS installation and database.
2. Download SLiMS 9.6.0 or later from the official repository.
3. Upgrade following the project's upgrade procedure; the affected file is sysconfig.inc.php, so confirm it is the new version after the upgrade.
4. Verify the fix by re-testing the vulnerable endpoint (see How to Verify below).

🔧 Temporary Workarounds

Input Validation Filter

Applies to: all

Encode $_SERVER['PHP_SELF'] for its HTML output context before it is echoed.

Wherever sysconfig.inc.php writes $_SERVER['PHP_SELF'] into HTML, pass it through htmlspecialchars() with ENT_QUOTES first, for example:

$php_self = htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8');

and use $php_self at the output site instead of the raw value; defining the variable without replacing the raw echo changes nothing. Encoding neutralises the attribute breakout, but the more robust change is to stop using PHP_SELF (which carries client-supplied PATH_INFO) for self-referencing URLs and use a fixed script path or $_SERVER['SCRIPT_NAME'] instead.
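The vulnerable pattern next to its hardened forms, as an added example that is not SLiMS's own code: the page only states that sysconfig.inc.php reflects $_SERVER['PHP_SELF'], so the output context used here (a form action attribute), the function names and the '/index.php' fallback are assumptions for illustration.

```php
<?php
// Added example, not code from SLiMS. The output context (a form action
// attribute), the function names and the '/index.php' fallback are assumptions.
declare(strict_types=1);

/** Vulnerable pattern: PHP_SELF (script name + client-supplied PATH_INFO) echoed raw. */
function render_form_vulnerable(string $phpSelf): string
{
    return '<form action="' . $phpSelf . '" method="post">';
}

/** Hardened: encode for the HTML attribute context before echoing. */
function render_form_fixed(string $phpSelf): string
{
    $safe = htmlspecialchars($phpSelf, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<form action="' . $safe . '" method="post">';
}

/** Preferable: avoid PHP_SELF entirely. SCRIPT_NAME is the script path without PATH_INFO. */
function render_form_no_pathinfo(array $server): string
{
    $script = $server['SCRIPT_NAME'] ?? '/index.php';   // assumed fallback
    $safe   = htmlspecialchars($script, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<form action="' . $safe . '" method="post">';
}

// Constructed request. A browser sends /index.php/%22%20onload%3D%22alert(1);
// Apache percent-decodes PATH_INFO, so PHP sees the strings below.
$attackServer = [
    'SCRIPT_NAME' => '/index.php',
    'PATH_INFO'   => '/" onload="alert(1)',
    'PHP_SELF'    => '/index.php/" onload="alert(1)',
];

// Raw echo: the quote closes the action attribute and whatever follows is
// parsed as further attributes (or, with a "> prefix, as new markup).
echo 'vulnerable:  ', render_form_vulnerable($attackServer['PHP_SELF']), PHP_EOL;
// Encoded: the quotes become &quot; and the whole value stays inside the attribute.
echo 'fixed:       ', render_form_fixed($attackServer['PHP_SELF']), PHP_EOL;
// PATH_INFO never reaches the output at all.
echo 'no-pathinfo: ', render_form_no_pathinfo($attackServer), PHP_EOL;
```

Run it with `php example.php` and compare the three lines: only the first contains an unencoded `" onload=` sequence outside the attribute value. The third variant is the one to prefer when the self-referencing URL does not need the extra path.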

Content Security Policy

Applies to: all

Add a Content-Security-Policy header so that injected inline handlers and script tags are not executed.

Add to .htaccess (requires mod_headers): Header set Content-Security-Policy "default-src 'self'; script-src 'self'"
Or add in PHP before any output: header("Content-Security-Policy: default-src 'self'; script-src 'self'");

Caveat: script-src 'self' without 'unsafe-inline' also blocks the application's own inline scripts and event handlers, so deploy it as Content-Security-Policy-Report-Only first and review the violation reports before enforcing. A policy that needs 'unsafe-inline' to keep SLiMS working does not stop this attack.

🧯 If You Can't Patch

  • Implement web application firewall (WAF) rules that block the usual XSS tokens in the request path, including their percent-encoded forms (%3Cscript, %22, onload%3D, onerror%3D), since the payload travels in PATH_INFO rather than in a query parameter
  • Restrict access to the SLiMS instance to trusted IP addresses; this limits who can be targeted but does not protect a user on a trusted address who opens an attacker's link

🔍 How to Verify

Check if Vulnerable:

From a host you are authorised to test with, request the reflected path with a harmless marker, e.g. /index.php/sysconfig.inc.php/" onload="alert('XSS'). Browsers and curl send quotes and spaces percent-encoded, so the on-the-wire form is /index.php/sysconfig.inc.php/%22%20onload%3D%22alert('XSS'); the web server decodes PATH_INFO before it reaches PHP_SELF. The install is vulnerable if the response body contains the raw " onload=" sequence (or the alert fires in a browser).

Check Version:

Check the SLiMS version in the system information page, or on the server with: grep -i version includes/version.inc.php

Verify Fix Applied:

Send the same request after patching: the script must not execute, and the reflected value must appear encoded in the response (the quote as &quot;) rather than as a live attribute.

📡 Detection & Monitoring

Log Indicators:

  • Unusually long request paths containing script tags, quotes or event-handler attributes in access logs, in plain or percent-encoded form (%3Cscript, %22, onload%3D)
  • Repeated requests to sysconfig.inc.php, or to index.php with an extra path segment after the script name, carrying encoded payloads; note that a successful reflected-XSS probe returns HTTP 200, so do not filter on error status codes

Network Indicators:

  • HTTP requests to sysconfig.inc.php (or to any .php script with trailing PATH_INFO) whose path contains <script> tags, javascript: URLs or on*= event handlers, plain or percent-encoded

SIEM Query:

source="web_access_logs" AND (uri="*sysconfig.inc.php*" OR uri="*.php/*") AND (uri="*<script*" OR uri="*%3Cscript*" OR uri="*javascript:*" OR uri="*javascript%3A*" OR uri="*onload=*" OR uri="*onload%3D*" OR uri="*onerror=*" OR uri="*onerror%3D*")

Matching on the raw URI misses other encodings (double-encoded %2522, mixed case); where the SIEM can URL-decode the field first, match the decoded value instead.
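The same detection logic run over access-log lines, as an added example that is not part of the page or of SLiMS: it percent-decodes each request path (twice, to catch double encoding) before matching, which the raw-URI query above cannot do. The Apache combined-log format and the sample lines are constructed assumptions.

```php
<?php
// Added example, not SLiMS code. Apache "combined" log format and the sample
// lines below are constructed for illustration.
declare(strict_types=1);

// Markup or script indicators, matched AFTER percent-decoding.
const PAYLOAD_PATTERN = '/<\s*script|javascript\s*:|\bon[a-z]+\s*=/i';

/** Percent-decode up to twice so double-encoded probes (%2522 -> %22 -> ") are seen. */
function decode_path(string $path): string
{
    for ($i = 0; $i < 2; $i++) {
        $decoded = rawurldecode($path);
        if ($decoded === $path) {
            break;
        }
        $path = $decoded;
    }
    return $path;
}

/** Parse one combined-format line; null when it does not match. */
function parse_line(string $line): ?array
{
    $re = '/^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3})/';
    if (!preg_match($re, $line, $m)) {
        return null;
    }
    return ['ip' => $m[1], 'time' => $m[2], 'method' => $m[3], 'path' => $m[4], 'status' => (int) $m[5]];
}

/** True when a request path looks like a PHP_SELF / PATH_INFO XSS probe. */
function is_phpself_xss(string $rawPath): bool
{
    $decoded = decode_path($rawPath);
    // PHP_SELF = SCRIPT_NAME + PATH_INFO, so the payload rides on extra path after
    // a .php script name; also flag anything naming sysconfig.inc.php directly.
    $extraPath  = (bool) preg_match('#\.php/.#i', $decoded);
    $hitsTarget = stripos($decoded, 'sysconfig.inc.php') !== false;
    if (!$extraPath && !$hitsTarget) {
        return false;
    }
    return (bool) preg_match(PAYLOAD_PATTERN, $decoded);
}

/** Return the matching entries (ip, time, status, decoded path) from a list of log lines. */
function scan(array $lines): array
{
    $hits = [];
    foreach ($lines as $line) {
        $entry = parse_line($line);
        if ($entry !== null && is_phpself_xss($entry['path'])) {
            $entry['decoded'] = decode_path($entry['path']);
            $hits[] = $entry;
        }
    }
    return $hits;
}

// Constructed sample: two probes (the second double-encoded), one normal page
// view, and one extra-path request that carries no payload.
$sampleLog = [
    '203.0.113.5 - - [10/Mar/2025:12:00:01 +0000] "GET /index.php/%22%20onload%3D%22alert(1) HTTP/1.1" 200 5123 "-" "Mozilla/5.0"',
    '203.0.113.5 - - [10/Mar/2025:12:00:02 +0000] "GET /index.php/sysconfig.inc.php/%2522%2520onerror%253D%2522alert(1) HTTP/1.1" 200 5123 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [10/Mar/2025:12:00:03 +0000] "GET /index.php?p=show_detail&id=123 HTTP/1.1" 200 8012 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [10/Mar/2025:12:00:04 +0000] "GET /index.php/onload HTTP/1.1" 404 211 "-" "Mozilla/5.0"',
];

foreach (scan($sampleLog) as $hit) {
    printf("%s %s %d %s\n", $hit['time'], $hit['ip'], $hit['status'], $hit['decoded']);
}
```

Only the first two sample lines are reported; the third has no extra path segment and the fourth has extra path but no handler or script token. To run it against a real log, replace the array with `file('/var/log/apache2/access.log', FILE_IGNORE_NEW_LINES)`.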
