CVE-2025-65881
📋 TL;DR
CVE-2025-65881 is a Cross-Site Scripting (XSS) vulnerability in Sourcecodester Zoo Management System v1.0's login component. Attackers can inject malicious scripts into the login page, potentially compromising user sessions. Organizations using this specific version of the software are affected.
💻 Affected Systems
- Sourcecodester Zoo Management System
⚠️ Risk & Real-World Impact
Worst Case
Attackers steal administrator credentials, gain full system control, and potentially pivot to other systems in the network.
Likely Case
Session hijacking of regular users, credential theft, and defacement of the login page.
If Mitigated
Limited impact with proper input validation and output encoding in place.
🎯 Exploit Status
Public proof-of-concept code is available on GitHub, making exploitation straightforward for attackers.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Not available
Vendor Advisory: Not available
Restart Required: No
Instructions:
No official patch exists. Consider implementing workarounds or replacing the software.
🔧 Temporary Workarounds
Input Validation and Output Encoding
Manually sanitize user input handled by /classes/Login.php so that submitted values cannot be rendered as script.
Edit /classes/Login.php to validate input and encode output, for example with PHP's htmlspecialchars(), before any submitted value is written back into the page.
Web Application Firewall (WAF)
Deploy a WAF with XSS protection rules to block malicious payloads.
Configure WAF rules to detect and block XSS patterns in login requests.
🧯 If You Can't Patch
- Isolate the Zoo Management System behind a reverse proxy with strict input filtering.
- Implement strong session management and use HTTP-only cookies to limit XSS impact.
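As an added example that is not code from the Zoo Management System project, the following hypothetical PHP shows the pattern the workaround above describes (validating the submitted username and encoding it with htmlspecialchars() before it is written back into the page) together with the HttpOnly session cookie settings suggested under "If You Can't Patch". The function names, the username character set and the page fragment are assumptions for illustration; the demo uses the advisory's own test payload.

```php
<?php
// Added example (not code from the Zoo Management System project).
// Hypothetical helpers showing the weak pattern behind a login-page XSS,
// beside a hardened version: validate the input, encode it on output with
// htmlspecialchars(), and harden the session cookie.

declare(strict_types=1);

// Weak pattern: the submitted username is written straight into HTML.
// A value such as <script>alert('test')</script> is rendered as markup.
function renderLoginErrorVulnerable(string $username): string
{
    return '<p class="error">Login failed for ' . $username . '</p>';
}

// Validation: accept only what a username can legitimately contain.
// The character set here is an assumption for the example.
function isValidUsername(string $username): bool
{
    return preg_match('/^[A-Za-z0-9_.@-]{1,64}$/', $username) === 1;
}

// Output encoding: every value placed into HTML goes through htmlspecialchars()
// with ENT_QUOTES so that both quote styles are encoded as well.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

function renderLoginErrorHardened(string $username): string
{
    if (!isValidUsername($username)) {
        // Do not echo a rejected value at all; a generic message is enough.
        return '<p class="error">Login failed.</p>';
    }
    return '<p class="error">Login failed for ' . e($username) . '</p>';
}

// Session hardening: HttpOnly keeps document.cookie from reading the session
// id, Secure restricts it to HTTPS, SameSite limits cross-site sending.
// Call this before session_start().
function configureSessionCookie(): void
{
    session_set_cookie_params([
        'lifetime' => 0,
        'path'     => '/',
        'secure'   => true,
        'httponly' => true,
        'samesite' => 'Strict',
    ]);
}

// After a successful credential check, rotate the session id so that a
// session id fixed or captured before login is not reused afterwards.
function onSuccessfulLogin(string $userId): void
{
    session_regenerate_id(true);
    $_SESSION['user_id'] = $userId;
}

// Demo run from the command line with the advisory's own test payload
// (constructed input, no real request involved).
if (PHP_SAPI === 'cli') {
    $payload = "<script>alert('test')</script>";
    echo "vulnerable: " . renderLoginErrorVulnerable($payload) . PHP_EOL;
    echo "encoded:    " . e($payload) . PHP_EOL;
    echo "hardened:   " . renderLoginErrorHardened($payload) . PHP_EOL;
    echo "hardened (valid name): " . renderLoginErrorHardened('zookeeper_01') . PHP_EOL;
}
```

Run it with `php example.php`: the vulnerable renderer emits the payload as live markup, the encoded line shows the same value as inert text, and the hardened renderer refuses to echo a value that fails validation at all. Validation limits what reaches the page; encoding is what actually prevents the browser from interpreting it, so both belong in the fix rather than one or the other.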
🔍 How to Verify
Check if Vulnerable:
Review /classes/Login.php for submitted values that are written back into the response without output encoding. Test with a harmless XSS payload like <script>alert('test')</script> in login fields.
Check Version:
Check the software version in the system's admin panel or configuration files.
Verify Fix Applied:
After applying workarounds, test with the same XSS payload to ensure it's properly sanitized or blocked.
📡 Detection & Monitoring
Log Indicators:
- Unusual script tags or JavaScript in login request logs.
- Multiple failed login attempts with suspicious payloads.
Network Indicators:
- HTTP requests to /classes/Login.php containing script tags or encoded JavaScript.
SIEM Query:
source="web_logs" AND uri="/classes/Login.php" AND (payload CONTAINS "<script>" OR payload CONTAINS "javascript:")
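As an added example that is not part of the advisory or the project, the PHP script below applies the same conditions as the SIEM query to a handful of constructed request records: it flags requests to /classes/Login.php whose payload contains "<script" or "javascript:", and it URL-decodes and entity-decodes the payload first so that the encoded variants the network indicator mentions (which a literal string match in the SIEM would miss) are caught too. The log record shape and the sample entries are constructed for the example.

```php
<?php
// Added example (not part of the advisory or the project): a small log
// review script mirroring the SIEM query above. Requires PHP 8 for
// str_contains().

declare(strict_types=1);

// Normalise a captured payload: undo URL encoding (twice, to handle
// double encoding), decode HTML entities, lower-case for case-insensitive matching.
function normalisePayload(string $payload): string
{
    $decoded = rawurldecode(rawurldecode($payload));
    $decoded = html_entity_decode($decoded, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    return strtolower($decoded);
}

// Same conditions as the advisory's SIEM query, applied to the normalised text.
function isSuspiciousLoginRequest(string $uri, string $payload): bool
{
    if (parse_url($uri, PHP_URL_PATH) !== '/classes/Login.php') {
        return false;
    }
    $text = normalisePayload($payload);
    return str_contains($text, '<script') || str_contains($text, 'javascript:');
}

// Constructed sample records in the shape "client_ip uri payload" (not real traffic).
$sampleLog = [
    '10.0.0.5 /classes/Login.php username=zookeeper_01&password=REDACTED',
    '10.0.0.9 /classes/Login.php username=%3Cscript%3Ealert(%27test%27)%3C%2Fscript%3E&password=x',
    '10.0.0.9 /classes/Login.php username=a&password=javascript%3Aalert(1)',
    '10.0.0.9 /classes/Login.php username=%253Cscript%253E&password=x',
    '10.0.0.7 /index.php q=%3Cscript%3E',
];

// Returns the records that match; the last sample is a different URI and
// is left alone, the first is a normal login and is left alone as well.
function scanLog(array $lines): array
{
    $hits = [];
    foreach ($lines as $line) {
        [$ip, $uri, $payload] = explode(' ', $line, 3);
        if (isSuspiciousLoginRequest($uri, $payload)) {
            $hits[] = ['ip' => $ip, 'uri' => $uri, 'payload' => $payload];
        }
    }
    return $hits;
}

if (PHP_SAPI === 'cli') {
    foreach (scanLog($sampleLog) as $hit) {
        printf("ALERT %s %s %s\n", $hit['ip'], $hit['uri'], $hit['payload']);
    }
}
```

Against the constructed records the script reports three alerts, all for the same client address, which is the kind of repeated suspicious login activity the log indicators above describe. Because the SIEM query matches the literal strings "<script>" and "javascript:", apply the same decoding step in the SIEM's field extraction, or search on the decoded form of the request, so that percent-encoded payloads do not slip past the rule.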