CVE-2025-51531: n/a

Medium
Tags: Vulnerability, CVE-2025-51531, cve, cve-2025-51531
Published: Wed Aug 06 2025 (08/06/2025, 00:00:00 UTC)
Source: CVE Database V5

Description

A reflected cross-site scripting (XSS) vulnerability in Sage DPW 2024_12_004 and earlier allows attackers to execute arbitrary JavaScript in the context of a victim's browser via injecting a crafted payload into the tabfields parameter at /dpw/scripts/cgiip.exe/WService. The vendor has stated that the issue is fixed in 2025_06_000, released in June 2025.

AI-Powered Analysis

Last updated: 08/14/2025, 00:55:23 UTC

Technical Analysis

CVE-2025-51531 is a reflected cross-site scripting (XSS) vulnerability identified in Sage DPW versions 2024_12_004 and earlier. This vulnerability allows an attacker to inject arbitrary JavaScript code into the victim's browser by crafting a malicious payload targeting the 'tabfields' parameter in the endpoint /dpw/scripts/cgiip.exe/WService. When a victim accesses a URL containing this payload, the injected script executes in the context of the victim's browser session. This can lead to theft of sensitive information such as session cookies, user credentials, or other data accessible via the browser, as well as potential redirection to malicious sites or execution of further attacks. The vulnerability is classified under CWE-79, which covers improper neutralization of input leading to XSS. The vendor has addressed this issue in the 2025_06_000 release, made available in June 2025. The CVSS v3.1 base score is 6.1, indicating a medium severity level. The vector string (AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N) shows that the attack can be performed remotely over the network without privileges, requires user interaction (victim must click a crafted link), and impacts confidentiality and integrity with a scope change, but does not affect availability. No known exploits are currently reported in the wild, but the vulnerability remains a risk until patched.

Potential Impact

For European organizations using Sage DPW software, this vulnerability poses a moderate risk. Exploitation could lead to unauthorized disclosure of sensitive information such as authentication tokens or personal data, potentially violating GDPR requirements. Attackers could leverage this to hijack user sessions or perform phishing attacks by injecting malicious scripts that mimic legitimate interfaces. This could undermine trust in affected services and lead to reputational damage. Since the vulnerability requires user interaction, the risk is somewhat mitigated by user awareness, but targeted spear-phishing campaigns could still be effective. The scope change in the CVSS vector indicates that exploitation could affect resources beyond the initially vulnerable component, potentially impacting multiple users or systems within an organization. Given the widespread use of Sage products in finance, accounting, and enterprise resource planning across Europe, the impact could be significant if not addressed promptly.

Mitigation Recommendations

European organizations should immediately verify their Sage DPW software version and prioritize upgrading to version 2025_06_000 or later, where the vulnerability is fixed. Until patching is complete, organizations should implement web application firewall (WAF) rules to detect and block suspicious requests containing malicious payloads targeting the 'tabfields' parameter. Security teams should conduct user awareness training focused on the risks of clicking unknown or suspicious links, especially those related to internal applications. Additionally, organizations should review and tighten Content Security Policy (CSP) headers to restrict the execution of unauthorized scripts in browsers. Regular monitoring of web server logs for unusual query parameters or repeated attempts to exploit this endpoint can help detect potential attacks. Finally, ensure that multi-factor authentication (MFA) is enabled for all user accounts to reduce the impact of session hijacking attempts.
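
The log-monitoring recommendation above can be sketched as follows. This is an added example, not code from Sage or from the CVE record; it assumes combined-format access logs, the sample log lines are constructed, and the set of characters treated as suspicious is an assumption about what a legitimate tabfields value never contains.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote_plus

ENDPOINT = "/dpw/scripts/cgiip.exe/wservice"  # path from the advisory, lower-cased
PARAM = "tabfields"
# Assumption: a legitimate tabfields value never carries markup or script tokens.
SUSPICIOUS = re.compile(r"[<>\"'`]|javascript:|\bon\w+\s*=", re.I)
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def fully_decode(value, max_rounds=3):
    """Undo repeated percent-encoding so double-encoded input is inspected too."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_tabfields(line):
    """Return the decoded tabfields value if it looks like markup, else None."""
    m = REQUEST.search(line)
    if not m:
        return None
    url = urlsplit(m.group(1))
    if not url.path.lower().startswith(ENDPOINT):
        return None
    for name, value in parse_qsl(url.query, keep_blank_values=True):
        if name.lower() == PARAM and SUSPICIOUS.search(fully_decode(value)):
            return fully_decode(value)
    return None

def scan(lines):
    """Return (line_number, decoded_value) for every flagged log line."""
    found = ((n, suspicious_tabfields(l)) for n, l in enumerate(lines, 1))
    return [(n, v) for n, v in found if v is not None]

# Constructed sample lines (documentation IP ranges, harmless markup marker).
SAMPLE_LOG = [
    '192.0.2.10 - - [14/Aug/2025:09:00:01 +0000] "GET /dpw/scripts/cgiip.exe/WService?tabfields=name,dept HTTP/1.1" 200 512',
    '198.51.100.7 - - [14/Aug/2025:09:00:05 +0000] "GET /dpw/scripts/cgiip.exe/WService?tabfields=%22%3E%3Cb%3Eprobe HTTP/1.1" 200 530',
    '198.51.100.7 - - [14/Aug/2025:09:00:09 +0000] "GET /dpw/scripts/cgiip.exe/WService?tabfields=%2522%253E%253Cb%253Eprobe HTTP/1.1" 200 530',
    '192.0.2.10 - - [14/Aug/2025:09:00:12 +0000] "GET /other/page?tabfields=%3Cb%3E HTTP/1.1" 404 0',
]

if __name__ == "__main__":
    for n, value in scan(SAMPLE_LOG):
        print(f"line {n}: suspicious tabfields value {value!r}")
```

The repeated decoding matters because a single pass would miss the double-encoded request on the third sample line; tune the suspicious pattern against real traffic before alerting on it.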

Technical Details

Data Version: 5.1
Assigner Short Name: mitre
Date Reserved: 2025-06-16T00:00:00.000Z
Cvss Version: null
State: PUBLISHED

Threat ID: 68937ca5ad5a09ad00f26742

Added to database: 8/6/2025, 4:02:45 PM

Last enriched: 8/14/2025, 12:55:23 AM

Last updated: 8/18/2025, 1:22:21 AM
