CVE-2025-24017
Published: 21 January 2025
Summary
CVE-2025-24017 is a high-severity Cross-site Scripting (CWE-79) vulnerability in Yeswiki Yeswiki. Its CVSS base score is 7.6 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 47.8% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-15 (Information Output Filtering).
Deeper analysis
CVE-2025-24017 is a DOM-based cross-site scripting (XSS) vulnerability, classified under CWE-79, affecting YesWiki, a wiki system written in PHP. Versions up to and including 4.4.5 are vulnerable due to improper server-side sanitization in the search by tag feature. When a non-existent tag is searched, it is reflected on the page without proper escaping, enabling attackers to craft malicious links that trigger XSS on any of YesWiki's pages when clicked by a victim. The issue has a CVSS v3.1 base score of 7.6 (AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:L), indicating high integrity impact with low confidentiality and availability effects.
Any unauthenticated end-user can exploit this vulnerability by generating a malicious link that leverages the tag search reflection. Exploitation requires a victim to click the link, after which the XSS payload executes in the victim's browser context. Successful attacks enable account takeover, allowing attackers to steal other users' accounts, modify pages and comments, alter permissions, and extract sensitive user data such as emails. This compromises the integrity, availability, and confidentiality of the affected YesWiki instance.
Mitigation is available in YesWiki version 4.5.0, which patches the server-side sanitization issue. Security practitioners should upgrade to this version immediately. Additional details are provided in the YesWiki GitHub security advisory (GHSA-wphc-5f2j-jhvg) and the specific commit (c1e28b59394957902c31c850219e4504a20db98b) that addresses the flaw.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-0203
Vulnerability details
YesWiki is a wiki system written in PHP. Versions up to and including 4.4.5 are vulnerable to any end-user crafting a DOM based XSS on all of YesWiki's pages which is triggered when a user clicks on a malicious link.…
more
The vulnerability makes use of the search by tag feature. When a tag doesn't exist, the tag is reflected on the page and isn't properly sanitized on the server side which allows a malicious user to generate a link that will trigger an XSS on the client's side when clicked. This vulnerability allows any user to generate a malicious link that will trigger an account takeover when clicked, therefore allowing a user to steal other accounts, modify pages, comments, permissions, extract user data (emails), thus impacting the integrity, availability and confidentiality of a YesWiki instance. Version 4.5.0 contains a patch for the issue.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
The DOM-based XSS vulnerability in the public-facing YesWiki wiki application is directly exploited when victims click attacker-crafted malicious links, enabling initial access and subsequent account takeover.
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Information Output Filtering directly addresses the lack of server-side sanitization of reflected tag search inputs, preventing DOM-based XSS payloads from executing in victims' browsers.
Information Input Validation ensures malicious tag inputs are checked and rejected before reflection, blocking the crafting of XSS links.
Flaw Remediation requires timely patching of the vulnerability, as provided in YesWiki 4.5.0, to eliminate the unsanitized reflection issue.