CVE-2025-22741 describes a reflected Cross-site Scripting (XSS) vulnerability in the RiceTheme Felan Framework (up to version 1.1.3). The issue is caused by improper neutralization of input during web page generation, which allows attackers to inject malicious scripts that execute in the victim's browser. The vulnerability has a CVSS 3.1 base score of 7.1, indicating high severity with network attack vector, low attack complexity, no privileges required, user interaction required, and impacts on confidentiality, integrity, and availability. No patch or official remediation level has been provided by the vendor, and no known exploits have been reported.

Successful exploitation of this vulnerability could allow an attacker to execute arbitrary scripts in the context of a user's browser session, potentially leading to theft of sensitive information, session hijacking, or other malicious actions affecting confidentiality, integrity, and availability. The CVSS score of 7.1 reflects these impacts as high severity. However, no known active exploitation has been reported.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is released, users should consider implementing input validation and output encoding as temporary mitigations to reduce risk. Monitor official RiceTheme advisories for updates and apply patches promptly once available.