Cyber Resilience

CVE-2025-24017

Severity: High · Public PoC
Published: 21 January 2025
Modified: 09 May 2025
KEV Added: not listed
Patch: available (YesWiki 4.5.0)
CVSS Score v3.1: 7.6 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:L)
EPSS Score: 0.0029 (52.2nd percentile)
Risk Priority: 15 (weighted 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-24017 is a high-severity cross-site scripting (CWE-79) vulnerability in YesWiki (vendor Yeswiki, product Yeswiki). Its CVSS v3.1 base score is 7.6 (High).

Operationally, exploitation maps to the MITRE ATT&CK techniques Exploit Public-Facing Application (T1190) and User Execution: Malicious Link (T1204.001), since the payload runs only after a victim follows an attacker-crafted link. The CVE ranks in the top 47.8% of CVEs by EPSS exploit likelihood, is not currently listed in the CISA KEV catalog, and has a referenced public proof of concept.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-15 (Information Output Filtering). In practice both are delivered by upgrading to YesWiki 4.5.0, which corrects the server-side sanitization of the tag search (SI-2, Flaw Remediation).

Deeper analysis

CVE-2025-24017 is a cross-site scripting (XSS) vulnerability, classified under CWE-79, affecting YesWiki, a wiki system written in PHP. Versions up to and including 4.4.5 are vulnerable because the search-by-tag feature does not properly sanitize its input on the server side: when a tag that does not exist is searched, the tag value is reflected into the page without escaping, so an attacker can craft a link that triggers script execution on any YesWiki page once a victim opens it. The advisory labels the issue DOM-based, but its own description (the server reflecting an unescaped tag into the response) is the pattern usually called reflected XSS; the distinction matters for remediation, because server-side output encoding, which is what 4.5.0 applies, only helps when the unsafe write happens on the server rather than in client-side JavaScript. The CVSS v3.1 base score is 7.6 (AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:L): network-reachable, no privileges required, user interaction required (the victim must follow the link), with high integrity impact and low confidentiality and availability impact.

Any unauthenticated user can exploit this by generating a link whose tag parameter carries the payload. Exploitation requires a victim to open the link, after which the script runs in the victim's browser within the wiki's session context. The advisory states that successful attacks enable account takeover, allowing an attacker to steal other users' accounts, modify pages and comments, alter permissions, and extract user data such as email addresses, compromising the integrity, availability and confidentiality of the affected YesWiki instance. Note that the vector rates confidentiality and availability impact as Low even though the advisory describes account theft and email extraction; treat the 7.6 as a floor when prioritising.

The fix is in YesWiki 4.5.0, which corrects the server-side sanitization of the reflected tag. Upgrade to 4.5.0 or later; because exploitation needs only a victim to follow a link, treat every instance that users can reach, including intranet ones, as exposed until it is patched. Further details are in the YesWiki GitHub security advisory (GHSA-wphc-5f2j-jhvg) and the fixing commit (c1e28b59394957902c31c850219e4504a20db98b).

Vulnerability details

YesWiki is a wiki system written in PHP. Versions up to and including 4.4.5 are vulnerable to any end-user crafting a DOM-based XSS on all of YesWiki's pages which is triggered when a user clicks on a malicious link. The vulnerability makes use of the search by tag feature. When a tag doesn't exist, the tag is reflected on the page and isn't properly sanitized on the server side, which allows a malicious user to generate a link that will trigger an XSS on the client side when clicked. This vulnerability allows any user to generate a malicious link that will trigger an account takeover when clicked, therefore allowing a user to steal other accounts, modify pages, comments, permissions, extract user data (emails), thus impacting the integrity, availability and confidentiality of a YesWiki instance. Version 4.5.0 contains a patch for the issue.

CWE(s)

CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Related Threats

MITRE ATT&CK Enterprise Techniques (AI-assisted mapping)

T1190 Exploit Public-Facing Application (tactic: Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1204.001 User Execution: Malicious Link (tactic: Execution)
An adversary may rely upon a user clicking a malicious link in order to gain execution.
Why these techniques?

The vulnerable tag search is exposed on a public-facing YesWiki instance (T1190), and the payload executes only when a victim follows an attacker-crafted link (T1204.001); script execution in the victim's session is what enables the account takeover the advisory describes.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2025-24018 (same product: Yeswiki Yeswiki)
CVE-2025-24019 (same product: Yeswiki Yeswiki)
CVE-2025-22765 (shared CWE-79)
CVE-2024-13885 (shared CWE-79)
CVE-2025-23645 (shared CWE-79)
CVE-2025-24544 (shared CWE-79)
CVE-2025-68037 (shared CWE-79)
CVE-2025-23725 (shared CWE-79)
CVE-2025-22357 (shared CWE-79)
CVE-2026-24955 (shared CWE-79)

Affected Assets

yeswiki / yeswiki
≤ 4.4.5 (fixed in 4.5.0)

Mitigating Controls (NIST 800-53 r5, AI-assisted mapping)

SI-15 Information Output Filtering (prevent): directly addresses the missing server-side encoding of the reflected tag search input, preventing XSS payloads from executing in victims' browsers.

SI-10 Information Input Validation (prevent): ensures malicious tag inputs are checked and rejected before reflection, blocking the crafting of XSS links.

SI-2 Flaw Remediation (prevent): requires timely patching, as provided in YesWiki 4.5.0, to eliminate the unsanitized reflection.
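The two preventive controls above, and the unsanitized reflection described in the deeper analysis, shown side by side as an added example. This is not YesWiki's code and not the 4.5.0 fix; the function names, the message template and the tag allowlist are assumptions for illustration, not YesWiki's API or tag syntax.

```php
<?php
declare(strict_types=1);

// Added example, not YesWiki's own code. It models the flaw class the advisory
// describes (a tag-search term reflected into HTML without escaping) beside a
// hardened version applying SI-10 (input validation) and SI-15 (output
// filtering). Function names, the message template and the tag policy are
// assumptions for illustration, not YesWiki's API or tag syntax.

// Vulnerable pattern: the user-controlled tag lands in the markup verbatim.
function renderTagSearchVulnerable(string $tag): string
{
    return "<p>No pages are tagged <b>{$tag}</b>.</p>";
}

// SI-10: reject anything that is not a plausible tag before it reaches the
// template. Assumed policy: Unicode letters/digits, '-', '_', '.', 1..64 chars.
function isValidTag(string $tag): bool
{
    return preg_match('/^[\p{L}\p{N}._-]{1,64}$/u', $tag) === 1;
}

// SI-15: encode for the HTML text context on output, regardless of validation.
// ENT_QUOTES also encodes quotes, so the same helper is safe inside attributes.
function escapeHtml(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_HTML5 | ENT_SUBSTITUTE, 'UTF-8');
}

function renderTagSearchHardened(string $tag): string
{
    if (!isValidTag($tag)) {
        // Generic message: do not echo the rejected value back at all.
        return '<p>Invalid tag.</p>';
    }
    return '<p>No pages are tagged <b>' . escapeHtml($tag) . '</b>.</p>';
}

// Constructed attacker input of the kind a crafted link would carry in the
// tag parameter (URL-decoded here, as the server would see it).
$payload = '<img src=x onerror="alert(document.cookie)">';

foreach (['renderTagSearchVulnerable', 'renderTagSearchHardened'] as $fn) {
    $html = $fn($payload);
    printf("%-26s reflected verbatim: %-3s %s\n",
        $fn, str_contains($html, $payload) ? 'yes' : 'no', $html);
}

// Defence in depth: even if the allowlist were loosened or bypassed, the
// output encoding alone turns the payload into inert text.
echo 'encoded form if validation were bypassed: ', escapeHtml($payload), "\n";

// A benign tag passes validation and renders normally; one containing
// markup-significant characters is rejected before it is ever reflected.
echo renderTagSearchHardened('php-security'), "\n";
echo renderTagSearchHardened('Tom & Jerry'), "\n";
```

Run it with `php example.php` (PHP 8 or later, for `str_contains`). The vulnerable renderer emits the `<img ... onerror>` element unchanged, the hardened one never reflects the rejected value, and the encoded line shows what SI-15 alone would produce. One caveat follows from the DOM-based label the advisory uses: if the reflection happened client-side (JavaScript writing `location.search` into `innerHTML`), this server-side encoding would not reach the sink, and the fix would have to use a text-only DOM API such as `textContent` instead. The advisory places the flaw in server-side sanitization, which is what this example models.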

References

GitHub Security Advisory GHSA-wphc-5f2j-jhvg (YesWiki)
Fix commit c1e28b59394957902c31c850219e4504a20db98b (YesWiki)