CVE-2025-23112

Name of the Vulnerable Software and Affected Versions REDCap version 14.9.6

Description A stored cross-site scripting (XSS) issue allows authenticated users to inject malicious scripts into the Survey field name of Survey. When a user receives the survey and clicks on the field name, it triggers the XSS payload.

Recommendations For REDCap version 14.9.6, consider restricting access to the Survey field name to minimize the risk of exploitation until a patch is available. As a temporary workaround, avoid clicking on field names in surveys from untrusted sources. At the moment, there is no information about a newer version that contains a fix for this vulnerability.