CVE-2025-0709

Name of the Vulnerable Software and Affected Versions Dcat-Admin version 2.2.1-beta

Description A flaw was found in the Roles Page component of Dcat-Admin, specifically in the file /admin/auth/roles. This issue can be manipulated to lead to cross-site scripting (XSS) and can be initiated remotely. The exploit for this issue has been publicly disclosed, making it potentially usable by attackers.

Recommendations For Dcat-Admin version 2.2.1-beta, as a temporary workaround, consider restricting access to the /admin/auth/roles file until a patch is available. Avoid using the Roles Page component until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.