CVE-2025-23485

High

Published: 03 March 2025

Published

03 March 2025

Modified

23 April 2026

KEV Added

—

Patch

—

CVSS Score 7.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

EPSS Score 0.0011 29.2th percentile

Risk Priority 14 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-23485 is a high-severity Cross-site Scripting (CWE-79) vulnerability. Its CVSS base score is 7.1 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Malicious Link (T1204.001); ranked at the 29.2th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-15 (Information Output Filtering).

Threat & Defense at a Glance

What attackers do: exploitation maps to Malicious Link (T1204.001) and 2 other techniques. What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-15 Information Output Filtering good match

prevent

Requires filtering of output to web pages to neutralize malicious scripts, directly addressing the improper neutralization of input during web page generation in this reflected XSS vulnerability.

SI-10 Information Input Validation good match

prevent

Enforces validation of user inputs to block malicious XSS payloads before they are processed by the RS Survey plugin.

SI-2 Flaw Remediation good match

prevent

Mandates timely flaw remediation, including patching the specific XSS vulnerability in RS Survey versions through 1.0 as advised by Patchstack.

MITRE ATT&CK Enterprise TechniquesAI

T1204.001 Malicious Link Execution

An adversary may rely upon a user clicking a malicious link in order to gain execution.

attack.mitre.org →

T1539 Steal Web Session Cookie Credential Access

An adversary may steal web application or service session cookies and use them to gain access to web applications or Internet services as an authenticated user without needing credentials.

attack.mitre.org →

T1185 Browser Session Hijacking Collection

Adversaries may take advantage of security vulnerabilities and inherent functionality in browser software to change content, modify user-behaviors, and intercept information as part of various browser session hijacking techniques.

attack.mitre.org →

Why these techniques?

Reflected XSS allows exploitation via crafted malicious links clicked by victims (T1204.001), directly enabling script execution for stealing web session cookies (T1539) and browser session hijacking (T1185).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in richestsoft RS Survey rs-survey allows Reflected XSS.This issue affects RS Survey: from n/a through <= 1.0.

Deeper analysisAI

CVE-2025-23485 is an Improper Neutralization of Input During Web Page Generation vulnerability, classified as Reflected Cross-site Scripting (XSS) under CWE-79, in the RS Survey WordPress plugin developed by richestsoft (rs-survey). This issue affects all versions of the plugin from n/a through 1.0 inclusive, as published on 2025-03-03.

The vulnerability carries a CVSS v3.1 base score of 7.1 (AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L), indicating network accessibility, low attack complexity, no required privileges, and user interaction such as clicking a malicious link. Remote attackers can exploit it by injecting malicious payloads into web pages generated by the plugin, leading to script execution in the context of a victim's browser. This enables potential theft of session cookies or other client-side data, with low impacts to confidentiality, integrity, and availability due to the changed scope.

Patchstack has issued an advisory on the vulnerability specifically for RS Survey plugin version 1.0, available at https://patchstack.com/database/Wordpress/Plugin/rs-survey/vulnerability/wordpress-rs-survey-plugin-1-0-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve, which security practitioners should review for recommended mitigations and patch details.

Details

CWE(s): CWE-79

CVEs Like This One

CVE-2025-12551Shared CWE-79

CVE-2025-68849Shared CWE-79

CVE-2024-13862Shared CWE-79

CVE-2025-23495Shared CWE-79

CVE-2025-23699Shared CWE-79

CVE-2026-32545Shared CWE-79

CVE-2026-32528Shared CWE-79

CVE-2025-26991Shared CWE-79

CVE-2025-26565Shared CWE-79

CVE-2025-23626Shared CWE-79

References

https://patchstack.com/database/Wordpress/Plugin/rs-survey/vulnerability/wordpress-rs-survey-plugin-1-0-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve
audit@patchstack.com