CVE-2025-0397

Name of the Vulnerable Software and Affected Versions reckcn SPPanAdmin version 1.0

Description A cross-site scripting issue was found in the software, allowing for remote exploitation. The manipulation of the name argument in the "/;/admin/role/edit" file leads to this issue. Other parameters might also be affected. The exploit has been publicly disclosed, and the vendor was notified but did not respond.

Recommendations As a temporary workaround, consider disabling access to the "/;/admin/role/edit" file until a patch is available. Restrict the manipulation of the name argument in the affected file to minimize the risk of exploitation. Avoid using the name argument in the "/;/admin/role/edit" file until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.