CVE Catalog
CVE-2025-67906
MediumCVSS 5.4Exploitation Probability (EPSS)
Low risk0.27%
19th percentile - higher than 19% of all known CVEs
Summary
In MISP before version 2.5.28, there is an XSS vulnerability in app/View/Elements/Workflows/executionPath.ctp, allowing for the injection of malicious code in the workflow execution path.
Risk Assessment
An attacker could exploit this vulnerability to hijack user sessions or steal data, posing a significant security threat to the application.
Recommendation
It is recommended to upgrade MISP to version 2.5.28 or later to mitigate this vulnerability.
Original NVD description (English source)
In MISP before 2.5.28, app/View/Elements/Workflows/executionPath.ctp allows XSS in the workflow execution path.

