Exploiting CVE-2025-37947 (Linux kernel's ksmbd)

Source: https://blog.doyensec.com/2025/10/08/ksmbd-3.html

Reddit NetSec

Detailed information about Exploiting CVE-2025-37947 (Linux kernel's ksmbd). Get real-time updates, technical details, and mitigation strategies.

Exploiting CVE-2025-37947 (Linux kernel's ksmbd) - Live Threat Intelligence - Threat Radar | OffSeq.com

Exploiting CVE-2025-37947 (Linux kernel's ksmbd)

Reddit Discussion: Exploiting CVE-2025-37947 (Linux kernel's ksmbd)

CVE-2025-41089 is a reflected Cross-Site Scripting (XSS) vulnerability in Xibo CMS version 4. 1. 2, a digital signage content management system. The flaw arises from improper input validation in the 'Configuration Name' field of certain template elements, such as the 'Clock' widget. An attacker with limited privileges can exploit this by creating or modifying templates to inject malicious scripts. The vulnerability has a medium severity with a CVSS score of 4. 8, requiring no authentication but some user interaction. While no known exploits are currently in the wild, successful exploitation could lead to session hijacking, defacement, or redirection attacks. European organizations using Xibo CMS for digital signage should prioritize patching or applying mitigations to prevent potential exploitation. Countries with higher adoption of Xibo CMS and significant digital signage deployments, such as the UK, Germany, and France, are more likely to be impacted.

CVE-2025-41089 is a reflected Cross-Site Scripting (XSS) vulnerability identified in Xibo CMS version 4.1.2, a widely used open-source digital signage content management system. The vulnerability stems from improper neutralization of user input during web page generation, specifically in the 'Configuration Name' field of template elements like the 'Clock' widget. An attacker with limited privileges can exploit this by creating or modifying a template in the 'Templates' section and injecting malicious JavaScript code into the 'Configuration Name' field. When a victim views the affected page, the malicious script executes in their browser context, potentially allowing session hijacking, credential theft, or unauthorized actions within the CMS interface. The CVSS 4.0 vector indicates the attack requires no authentication (AV:N), low attack complexity (AC:L), no privileges (PR:L), and user interaction (UI:A). The vulnerability does not affect confidentiality, integrity, or availability directly but can lead to indirect impacts through session compromise or social engineering. No patches or known exploits are currently available, but the vulnerability is publicly disclosed and should be addressed promptly. The vulnerability is tracked under CWE-79, highlighting improper input validation as the root cause. Given Xibo CMS's role in managing digital signage content, exploitation could also lead to defacement or misinformation dissemination on public displays.

CVE Database V5

Detailed information about CVE-2025-41089: CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') in Xibo Signage Xi

CVE-2025-41089: CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') in Xibo Signage Xibo CMS - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-41089: CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') in Xibo Signage Xibo CMS

CVE-2025-41088 is a stored Cross-Site Scripting (XSS) vulnerability in Xibo Signage's Xibo CMS version 4. 1. 2. The flaw arises from improper input validation in the template and global elements management, allowing attackers with limited privileges to inject malicious scripts. Exploitation requires creating a template, adding a text element in global elements, and inserting a malicious payload in the text field. The vulnerability has a medium severity with a CVSS score of 5. 1, indicating moderate risk without known exploits in the wild. Successful exploitation could lead to session hijacking, defacement, or further attacks on users interacting with the CMS. European organizations using Xibo CMS for digital signage are at risk, especially those with public-facing or multi-user deployments. Mitigation involves applying input validation, restricting template editing privileges, and monitoring CMS activity.

CVE-2025-41088 is a stored Cross-Site Scripting (XSS) vulnerability identified in Xibo Signage's Xibo CMS version 4.1.2. This vulnerability stems from improper neutralization of user-supplied input during web page generation, specifically within the template management system. An attacker with limited privileges can exploit this by creating a template in the 'Templates' section, then adding a text element in the 'Global Elements' section, and finally injecting malicious JavaScript code into the 'Text' field. Because the input is not properly sanitized or validated, the malicious script is stored and later executed in the context of users who view the affected CMS pages. The vulnerability has a CVSS 4.0 base score of 5.1, reflecting medium severity, with characteristics including network attack vector, low attack complexity, no privileges required beyond limited template editing rights, and user interaction needed to trigger the payload. There are no known exploits in the wild as of the publication date. The vulnerability could allow attackers to perform actions such as session hijacking, defacement, or delivering further payloads to users interacting with the CMS interface. The issue is classified under CWE-79, which covers improper neutralization of input leading to XSS. The vulnerability affects version 4.1.2 of Xibo CMS, a popular open-source digital signage content management system used globally to manage and display digital content on signage networks.

Detailed information about CVE-2025-41088: CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') in Xibo Signage Xi

CVE-2025-41088: CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') in Xibo Signage Xibo CMS - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-41088: CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') in Xibo Signage Xibo CMS

Inclusion of Functionality from Untrusted Control Sphere vulnerability in HCL MyXalytics. v6.6
allows Loading third-party scripts without integrity checks or validation can allow external code run in the application's context, risking data exposure.

CVE-2025-52655 identifies a security weakness in HCL MyXalytics version 6.6, specifically categorized under CWE-829: Inclusion of Functionality from Untrusted Control Sphere. The vulnerability arises because the application loads third-party scripts without performing integrity checks or validating their source. This lack of validation allows potentially malicious external code to run within the application's context, which can lead to unauthorized actions or data exposure. Although the vulnerability does not directly compromise confidentiality or availability, it poses a risk of integrity loss if an attacker can trick users into triggering the execution of malicious scripts. The CVSS 3.1 score of 3.1 reflects a low severity, mainly due to the requirement for user interaction and the high complexity of exploitation. No patches or known exploits have been published yet, indicating that the vulnerability is newly disclosed and not actively exploited. The vulnerability's nature suggests that attackers would need to convince users to interact with malicious content that loads untrusted scripts, which could be leveraged in targeted phishing or social engineering campaigns. The absence of authentication requirements means that any user can be targeted, but the attack complexity and user interaction reduce the overall risk. Organizations relying on HCL MyXalytics 6.6 should monitor for updates and consider additional controls to mitigate the risk of script injection or execution from untrusted sources.

Detailed information about CVE-2025-52655: CWE-829 Inclusion of Functionality from Untrusted Control Sphere in HCL HCL MyXalytics affecting HCL HCL MyXalytics. 

CVE-2025-52655: CWE-829 Inclusion of Functionality from Untrusted Control Sphere in HCL HCL MyXalytics - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-52655: CWE-829 Inclusion of Functionality from Untrusted Control Sphere in HCL HCL MyXalytics

Inline script execution allowed in CSP vulnerability has been identified in HCL AION v2.0

Detailed information about CVE-2025-52650: CWE-1032 in HCL HCL AION affecting HCL HCL AION. Get real-time updates, technical details, and mitigation strategies.

CVE-2025-52650: CWE-1032 in HCL HCL AION

CVE-2025-52650: CWE-1032 in HCL HCL AION

Description

Technical Details

Community Reviews

Related Threats

CVE-2025-41089: CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') in Xibo Signage Xibo CMS

CVE-2025-41088: CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') in Xibo Signage Xibo CMS

CVE-2025-52655: CWE-829 Inclusion of Functionality from Untrusted Control Sphere in HCL HCL MyXalytics

CVE-2025-40646: CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') in Status Tracker Energy CRM

CVE-2025-40640: CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') in Status Tracker Energy CRM

Actions

External Links

Need enhanced features?

Latest Threats

Keyboard Shortcuts

Navigation

Search & Filters

UI Controls

Accessibility