PT-2025-5626 · Monicahq+1
Cipherboy · Published 2025-01-20 · Updated 2025-09-12
CVE-2025-54997
CVSS v3.1: 9.1 Critical
Vector: AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions:
MonicaHQ version 4.1.1
Description:
The issue allows attackers to exploit authenticated client-side injection in journal entry edits, with a medium severity level. A patch is pending, and users should monitor updates closely.
Recommendations:
For version 4.1.1, update to a newer version once the pending patch is released to resolve the issue. As a temporary workaround, consider restricting access to journal entry edits until the patch is available.
Exploit
Fix
LPE
Code Injection
Affected Products
Monicahq
Red Os