CVE-2025-22388

Name of the Vulnerable Software and Affected Versions Optimizely EPiServer.CMS.Core versions prior to 12.22.0

Description A high-severity Stored Cross-Site Scripting (XSS) issue exists in the CMS, allowing malicious actors to inject and execute arbitrary JavaScript code, potentially compromising user data, escalating privileges, or executing unauthorized actions. The issue exists in multiple areas, including content editing, link management, and file uploads.

Recommendations For versions prior to 12.22.0, update to version 12.22.0 or later to resolve the issue. As a temporary workaround, consider restricting access to content editing, link management, and file uploads to minimize the risk of exploitation. Avoid using potentially vulnerable features in these areas until the issue is resolved.