PT-2025-39325 · Horilla · Horilla

Author: Gikyon (+2) · Published: 2025-09-24 · Updated: 2025-09-25 · CVE-2025-59525

CVSS v4.0: 7.7 (High)
Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:H/SA:N
Name of the Vulnerable Software and Affected Versions: Horilla versions prior to 1.4.0
Description: Horilla is a Human Resource Management System (HRMS). Improper sanitization within the application allows Cross-Site Scripting (XSS) through uploaded SVG files and through <embed> tags that the sanitizer permits. This can lead to the execution of JavaScript when users view affected content, such as announcements, potentially resulting in administrative account takeover.
Recommendations: Update to version 1.4.0 or later.
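The two inputs the advisory names are an uploaded SVG that carries active content and announcement HTML that is allowed to contain <embed>. The following server-side checks are an added example (not Horilla's code, nor the fix shipped in 1.4.0): an SVG validator that rejects script elements, event-handler attributes and active URL schemes, and an allowlist check that flags announcement tags such as <embed>. The element and tag allowlists, and the sample inputs, are constructed for the example.

```python
# Added example, not Horilla's code: reject SVG uploads with active content and announcement HTML using <embed>.
import xml.etree.ElementTree as ET
from html.parser import HTMLParser

ACTIVE_SVG_ELEMENTS = {"script", "foreignObject", "iframe", "embed", "object"}  # run script or load foreign content
BLOCKED_SCHEMES = ("javascript:", "data:", "vbscript:")
# Tags an announcement body may use; embed, object, script and iframe are deliberately absent.
ANNOUNCEMENT_TAGS = {"p", "br", "b", "i", "u", "strong", "em", "ul", "ol", "li", "a", "h1", "h2", "h3"}

def local(qname: str) -> str:
    """Strip an ElementTree namespace prefix: '{ns}href' -> 'href'."""
    return qname.rsplit("}", 1)[-1]

def svg_is_inert(data: bytes) -> bool:
    """True only if the upload parses as SVG and holds no script, event handler or active URL."""
    try:
        root = ET.fromstring(data)  # in production parse with defusedxml to also block entity abuse
    except ET.ParseError:
        return False
    if local(root.tag) != "svg":
        return False
    for el in root.iter():
        if local(el.tag) in ACTIVE_SVG_ELEMENTS:
            return False
        for attr, value in el.attrib.items():
            name = local(attr).lower()
            if name.startswith("on"):  # onload=, onclick=, ...
                return False
            if name == "href" and value.strip().lower().startswith(BLOCKED_SCHEMES):
                return False
    return True

class _TagCollector(HTMLParser):
    """Records every start tag seen (HTMLParser lowercases tag names)."""
    def __init__(self):
        super().__init__()
        self.tags = set()
    def handle_starttag(self, tag, attrs):
        self.tags.add(tag)

def disallowed_tags(html: str) -> set:
    """Tags in announcement markup that fall outside ANNOUNCEMENT_TAGS."""
    collector = _TagCollector()
    collector.feed(html); collector.close()
    return collector.tags - ANNOUNCEMENT_TAGS

# Constructed samples (not taken from the advisory).
INERT_SVG = b'<svg xmlns="http://www.w3.org/2000/svg"><circle r="4"/></svg>'
ACTIVE_SVG = b'<svg xmlns="http://www.w3.org/2000/svg"><script>/* any script */</script></svg>'
ANNOUNCEMENT = '<p>Welcome</p><embed src="/media/logo.svg">'
```

An upload that fails `svg_is_inert` should be rejected at upload time, and an announcement with a non-empty `disallowed_tags` result should be refused rather than stored; serving user-supplied SVG with a `Content-Disposition: attachment` header and a restrictive Content-Security-Policy limits the impact of anything the checks miss.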

Tags: Exploit · Fix · XSS · Unrestricted File Upload

Weakness Enumeration

Related Identifiers

CVE-2025-59525
GHSA-RP5M-VPQR-VPVP

Affected Products

Horilla