CVE Catalog

CVE-2025-67906

MediumCVSS 5.4
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.27%

19th percentile - higher than 19% of all known CVEs

Summary

In MISP before version 2.5.28, there is an XSS vulnerability in app/View/Elements/Workflows/executionPath.ctp, allowing for the injection of malicious code in the workflow execution path.

Risk Assessment

An attacker could exploit this vulnerability to hijack user sessions or steal data, posing a significant security threat to the application.

Recommendation

It is recommended to upgrade MISP to version 2.5.28 or later to mitigate this vulnerability.

Original NVD description (English source)

In MISP before 2.5.28, app/View/Elements/Workflows/executionPath.ctp allows XSS in the workflow execution path.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS