Cyber Posture

CVE-2025-23591

High

Published: 03 February 2025

Published
03 February 2025
Modified
23 April 2026
KEV Added
Patch
CVSS Score 7.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
EPSS Score 0.0004 12.3th percentile
Risk Priority 14 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-23591 is a high-severity Cross-site Scripting (CWE-79) vulnerability. Its CVSS base score is 7.1 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 12.3th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-15 (Information Output Filtering).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190) and 1 other technique. What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-15 Information Output Filtering good match
prevent

SI-15 requires filtering of information outputs to prevent reflected XSS by encoding or escaping malicious inputs before rendering in web pages.

SI-10 Information Input Validation good match
prevent

SI-10 enforces validation of user inputs to reject or sanitize malicious scripts that could be reflected back in the blu Logistics plugin responses.

SI-2 Flaw Remediation good match
prevent

SI-2 mandates identification and correction of flaws like this reflected XSS vulnerability through timely patching of the affected WordPress plugin.

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
attack.mitre.org →
T1566.002 Spearphishing Link Initial Access
Adversaries may send spearphishing emails with a malicious link in an attempt to gain access to victim systems.
attack.mitre.org →
Why these techniques?

Reflected XSS in public-facing WordPress plugin enables exploitation of public-facing applications (T1190) and facilitates delivery via spearphishing links (T1566.002).

Confidence: MEDIUM · MITRE ATT&CK Enterprise v18.1

NVD Description

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in blulogistics1 blu Logistics blu-logistics allows Reflected XSS.This issue affects blu Logistics: from n/a through <= 1.0.0.

Deeper analysisAI

CVE-2025-23591 is an Improper Neutralization of Input During Web Page Generation vulnerability, classified as Reflected Cross-site Scripting (XSS) under CWE-79, affecting the blu Logistics WordPress plugin (also referenced as blulogistics1 blu-logistics). This issue impacts all versions of the plugin from n/a through 1.0.0 inclusive. The vulnerability was published on 2025-02-03.

The vulnerability carries a CVSS v3.1 base score of 7.1 (AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L), indicating network accessibility, low attack complexity, no privileges required, but user interaction needed, with changed scope and low impacts to confidentiality, integrity, and availability. Remote attackers can exploit it by crafting malicious inputs that reflect back to users, such as via phishing links or manipulated requests, tricking authenticated users into executing scripts in their browsers within the site's context.

Mitigation details are available in the Patchstack advisory at https://patchstack.com/database/Wordpress/Plugin/blu-logistics/vulnerability/wordpress-blu-logistics-plugin-1-0-0-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve.

Details

CWE(s)
CWE-79

CVEs Like This One

CVE-2025-23646Shared CWE-79
CVE-2025-24710Shared CWE-79
CVE-2025-24700Shared CWE-79
CVE-2025-68845Shared CWE-79
CVE-2026-22467Shared CWE-79
CVE-2025-23678Shared CWE-79
CVE-2025-23584Shared CWE-79
CVE-2026-27243Shared CWE-79
CVE-2026-28101Shared CWE-79
CVE-2025-26917Shared CWE-79

References