CVE-2025-22917: My first CVE
2025 Jan 8
I have found my first CVE 🥳🥳. In this post I’ll go over all of it.
On January the 31st I found a vulnerability in the PHP source code of an American ERP software vendor leading to a reflected cross-site scripting attack which could in the worst case cause a full device takeover.
Here are the facts for you:
- CVE ID: CVE-2025-22917
- CVSSv3 Scoring: 5.4 (Medium)
And you can check it out directly on MITRE, Tenable, NIST NVD or VulnDB. Here are the links:
If you are looking for the Proof-of-Concept writeup, it's here