CVE-2025-25197

Name of the Vulnerable Software and Affected Versions: Silverstripe Elemental versions prior to 5.3.12

Description: The issue arises from the failure to cast input prior to including it in the grid field, allowing an elemental block to include an XSS payload. This payload can be executed when viewing the "Content blocks in use" report. The vulnerability is specific to this report.

Recommendations: For versions prior to 5.3.12, update to version 5.3.12 to resolve the issue. As a temporary workaround, consider restricting access to the "Content blocks in use" report until the update is applied.