PT-2025-44441 · Statamic · Statamic

Published: 2025-10-30 · Updated: 2025-11-01 · CVE-2025-64112

CVSS v3.1: 8.0 (High)

Vector: AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Statamic versions prior to 5.22.1

Description: Statamic is a Laravel and Git powered content management system (CMS). Stored cross-site scripting (XSS) issues exist in Collections and Taxonomies. An authenticated user with content creation permissions can inject malicious JavaScript into content, and that JavaScript executes when the content is viewed by users with higher privileges.

Recommendations: Update to version 5.22.1 or later.

Exploit · Fix · XSS


Weakness Enumeration

Related Identifiers

CVE-2025-64112
GHSA-G59R-24G3-H7CM

Affected Products

Statamic